200 matches found

Cvelist
added 2020/12/09 4:20 p.m. | 14 views

CVE-2020-26260 Server Side Request Forgery in BookStack

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/o...

CVSS 6.4 | AI score 6.2 | EPSS 0.00827
Exploits 0 | References 3
CVE
added 2020/12/09 4:20 p.m. | 43 views

CVE-2020-26260

Summary: CVE-2020-26260 affects BookStack prior to v0.30.5. A user with page-edit permissions could set certain image URLs to manipulate the exporting system, enabling server-side requests and access to a wider scope of files within BookStack’s file storage. Root cause / impact (as stated): The v...

CVSS 6.4 | AI score 6.2 | EPSS 0.00827
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2020/12/09 12:0 a.m. | 4 views

BookStack Injection Vulnerability

BookStack is an open source platform from the BookStackApp team for building wiki documentation using PHP and Laravel. BookStack suffers from a security vulnerability that stems from the fact that in BookStack prior to version 0.30.5, users with edit page permissions could set up the...

CVSS 6.4 | AI score 6.6 | EPSS 0.00827
Exploits 0 | References 4
CNVD
added 2020/11/05 12:0 a.m. | 2 views

BookStack cross-site scripting vulnerability (CNVD-2020-63954)

BookStack is an open source wiki documentation platform from the BookStackApp team, built using PHP and Laravel. A cross-site scripting vulnerability exists in versions prior to BookStack 0.30.4, which stems from a lack of proper validation of client-side data by the web application. The...

CVSS 8.7 | AI score 6.3 | EPSS 0.01155
Exploits 1 | References 1
CNVD
added 2020/11/05 12:0 a.m. | 2 views

BookStack Cross-Site Scripting Vulnerability (CNVD-2020-61018)

BookStack is an open source wiki documentation platform from the BookStackApp team, built using PHP and Laravel. A security vulnerability exists in versions of BookStack prior to 0.30.4, which allows an attacker to insert JavaScript code or insert meta tags into a page, which could result in...

CVSS 8.7 | AI score 7.1 | EPSS 0.01083
Exploits 0 | References 1
OSV
added 2020/11/03 9:15 p.m. | 21 views

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVSS 8.7 | AI score 7.1
Exploits 0 | References 4
NVD
added 2020/11/03 9:15 p.m. | 13 views

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVSS 8.7 | AI score 7.8 | EPSS 0.01083
Exploits 0 | References 4
Prion
added 2020/11/03 9:15 p.m. | 22 views

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVSS 3.5 | AI score 8.4 | EPSS 0.01083
Exploits 0 | References 4 | Affected Software 1
CVE
added 2020/11/03 9:0 p.m. | 61 views

CVE-2020-26211

In BookStack

CVSS 8.7 | AI score 8 | EPSS 0.01083
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2020/11/03 9:0 p.m. | 22 views

CVE-2020-26211 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVSS 7.7 | AI score 8.5 | EPSS 0.01083
Exploits 0 | References 4
OSV
added 2020/11/03 7:15 p.m. | 12 views

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

CVSS 8.7 | AI score 7.4
Exploits 0 | References 4
NVD
added 2020/11/03 7:15 p.m. | 12 views

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

CVSS 8.7 | AI score 8 | EPSS 0.01155
Exploits 1 | References 4
Prion
added 2020/11/03 7:15 p.m. | 17 views

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

CVSS 3.5 | AI score 8.5 | EPSS 0.01155
Exploits 1 | References 4 | Affected Software 1
Cvelist
added 2020/11/03 6:20 p.m. | 19 views

CVE-2020-26210 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

CVSS 7.7 | AI score 8.7 | EPSS 0.01155
Exploits 1 | References 4
CVE
added 2020/11/03 6:20 p.m. | 51 views

CVE-2020-26210

CVE-2020-26210 affects BookStack prior to version 0.30.4. A user with page-edit permissions could insert an attached link that executes untrusted JavaScript when a viewer clicks it, potentially leaving dangerous content in the database. The issue is fixed in 0.30.4. Workarounds include restrictin...

CVSS 8.7 | AI score 8.2 | EPSS 0.01155
Exploits 1 | References 4 | Affected Software 1
Japan Vulnerability Notes
added 2020/05/13 9:6 a.m. | 3 views

BookStack vulnerable to cross-site scripting

Overview: BookStack contains a cross-site scripting vulnerability (CWE-79). Kenichi Okuno of Mitsui Bussan Secure Directions, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...

CVSS 6.3 | AI score 6.2 | EPSS 0.00782
Exploits 0 | References 5
Japan Vulnerability Notes
added 2020/05/13 12:0 a.m. | 69 views

JVN#41035278: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update the software to the latest version according to the information provided by the developer. The developer states as follows: Aft...

CVSS 6.3 | AI score 5.4 | EPSS 0.00782
Exploits 0
Veracode
added 2020/05/08 4:39 a.m. | 13 views

Cross-Site Scripting (XSS)

ssddanbrown/bookstack is vulnerable to cross-site scripting (XSS). Lack of validation and sanitization allows a remote attacker to inject and execute arbitrary JavaScript in a user's browser via the comments...

CVSS 6.3 | AI score 4.5 | EPSS 0.00782
Exploits 0 | References 6 | Affected Software 1
CNVD
added 2020/05/08 12:0 a.m. | 5 views

BookStack Cross-Site Scripting Vulnerability (CNVD-2020-35507)

BookStack is an open source wiki documentation platform built using PHP and Laravel. A cross-site scripting vulnerability exists in BookStack versions 0.18.0 and later, fixed in version 0.29.2. The vulnerability stems from a lack of proper validation of client-side data by the web...

CVSS 6.3 | AI score 6.4 | EPSS 0.00782
Exploits 0 | References 1
OSV
added 2020/05/07 9:15 p.m. | 10 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the...

CVSS 5.4 | AI score 5.3
Exploits 0 | References 4