196 matches found

CNVD
added 2020/11/05 12:0 a.m., 2 views

BookStack Cross-Site Scripting Vulnerability (CNVD-2020-61018)

BookStack is an open source wiki documentation platform from the BookStackApp team, built using PHP and Laravel. A security vulnerability exists in versions of BookStack prior to 0.30.4, which allows an attacker to insert JavaScript code or meta tags into a page, which could result in...

8.7 CVSS | 7.1 AI score | 0.00432 EPSS
Exploits: 0 | References: 1

OSV
added 2020/11/03 9:15 p.m., 15 views

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

8.7 CVSS | 7.1 AI score
Exploits: 0 | References: 4

NVD
added 2020/11/03 9:15 p.m., 9 views

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

8.7 CVSS | 7.8 AI score | 0.00432 EPSS
Exploits: 0 | References: 4

Prion
added 2020/11/03 9:15 p.m., 15 views

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

3.5 CVSS | 8.4 AI score | 0.00432 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2020/11/03 9:0 p.m., 13 views

CVE-2020-26211 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

7.7 CVSS | 8.5 AI score | 0.00432 EPSS
Exploits: 0 | References: 4

CVE
added 2020/11/03 9:0 p.m., 52 views

CVE-2020-26211

In BookStack

8.7 CVSS | 8 AI score | 0.00432 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2020/11/03 7:15 p.m., 10 views

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

8.7 CVSS | 8 AI score | 0.00432 EPSS
Exploits: 1 | References: 4

OSV
added 2020/11/03 7:15 p.m., 8 views

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

8.7 CVSS | 7.4 AI score
Exploits: 0 | References: 4

Prion
added 2020/11/03 7:15 p.m., 11 views

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

3.5 CVSS | 8.5 AI score | 0.00432 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2020/11/03 6:20 p.m., 12 views

CVE-2020-26210 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

7.7 CVSS | 8.7 AI score | 0.00432 EPSS
Exploits: 1 | References: 4

CVE
added 2020/11/03 6:20 p.m., 45 views

CVE-2020-26210

CVE-2020-26210 affects BookStack prior to version 0.30.4. A user with page-edit permissions could insert an attached link that executes untrusted JavaScript when a viewer clicks it, potentially leaving dangerous content in the database. The issue is fixed in 0.30.4. Workarounds include restrictin...

8.7 CVSS | 8.2 AI score | 0.00432 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Japan Vulnerability Notes
added 2020/05/13 9:6 a.m., 3 views

BookStack vulnerable to cross-site scripting

Overview: BookStack contains a cross-site scripting vulnerability (CWE-79). Kenichi Okuno of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...

6.3 CVSS | 6.2 AI score | 0.00391 EPSS
Exploits: 0 | References: 5

Japan Vulnerability Notes
added 2020/05/13 12:0 a.m., 47 views

JVN#41035278: BookStack vulnerable to cross-site scripting

BookStack contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software to the latest version according to the information provided by the developer. The developer states as follows: Aft...

6.3 CVSS | 5.4 AI score | 0.00391 EPSS
Exploits: 0

Veracode
added 2020/05/08 4:39 a.m., 12 views

Cross-Site Scripting (XSS)

ssddanbrown/bookstack is vulnerable to cross-site scripting (XSS). Lack of validation and sanitization allows a remote attacker to inject and execute arbitrary JavaScript in a user's browser via the comments...

6.3 CVSS | 4.5 AI score | 0.00391 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

CNVD
added 2020/05/08 12:0 a.m., 3 views

BookStack Cross-Site Scripting Vulnerability (CNVD-2020-35507)

BookStack is an open source wiki documentation platform built using PHP and Laravel. A cross-site scripting vulnerability exists in BookStack versions 0.18.0 and later, fixed in version 0.29.2. The vulnerability stems from a lack of proper validation of client-side data by the WEB...

6.3 CVSS | 6.4 AI score | 0.00391 EPSS
Exploits: 0 | References: 1

OSV
added 2020/05/07 9:15 p.m., 9 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the...

5.4 CVSS | 5.3 AI score
Exploits: 0 | References: 4

NVD
added 2020/05/07 9:15 p.m., 10 views

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the...

6.3 CVSS | 6 AI score | 0.00391 EPSS
Exploits: 0 | References: 4

Prion
added 2020/05/07 9:15 p.m., 8 views

Cross site scripting

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the...

3.5 CVSS | 5.1 AI score | 0.00391 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

GitHub Security Blog
added 2020/05/07 9:10 p.m., 69 views

Cross-Site Scripting in BookStack

Impact: A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other user machine...

6.3 CVSS | 0.00391 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2020/05/07 9:10 p.m., 15 views

GHSA-5VF7-Q87H-PG6W Cross-Site Scripting in BookStack

Impact: A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other user machine...

6.3 CVSS | 5.8 AI score | 0.00391 EPSS
Exploits: 0 | References: 5