
196 matches found

CVE
added 2020/05/07 8:40 p.m. | 92 views

CVE-2020-11055

BookStack versions >= 0.18.0 and

CVSS 6.3 | AI score 5.3 | EPSS 0.00391
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2020/05/07 8:40 p.m. | 14 views

CVE-2020-11055 Cross-site Scripting in BookStack

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the...

CVSS 6.3 | AI score 6 | EPSS 0.00391
Exploits 0 | References 4

OSV
added 2020/03/13 8:21 p.m. | 16 views

GHSA-G9RQ-X4FJ-F5HX Remote Code Execution Through Image Uploads in BookStack

Impact A user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area o...

CVSS 7.9 | AI score 8.9 | EPSS 0.00675
Exploits 0 | References 5

Veracode
added 2020/03/10 7:15 a.m. | 16 views

Remote Code Execution (RCE)

ssddanbrown/bookstack is vulnerable to remote code execution (RCE). The attack exists because untrusted users can upload PHP files to any area of the application through the image upload function and execute the malicious PHP code on the host system with the PHP process's permissions...

CVSS 8.8 | AI score 5.6 | EPSS 0.00675
Exploits 0 | References 5 | Affected Software 1

CNVD
added 2020/03/10 12:0 a.m. | 2 views

BookStack Remote Code Execution Vulnerability

BookStack is a platform for storing and organizing information and documents. A remote code execution vulnerability exists in versions of BookStack prior to 0.25.5. The vulnerability stems from a user being able to upload PHP files via the image upload feature. An attacker can exploit this...

CVSS 9 | AI score 8.4 | EPSS 0.00675
Exploits 0 | References 1

OSV
added 2020/03/09 4:15 p.m. | 10 views

CVE-2020-5256

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVSS 8.8 | AI score 8.8
Exploits 0 | References 4

NVD
added 2020/03/09 4:15 p.m. | 10 views

CVE-2020-5256

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVSS 9 | AI score 8.1 | EPSS 0.00675
Exploits 0 | References 4

Prion
added 2020/03/09 4:15 p.m. | 11 views

Information disclosure

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVSS 9 | AI score 8.7 | EPSS 0.00675
Exploits 0 | References 4 | Affected Software 1

CVE
added 2020/03/09 3:50 p.m. | 74 views

CVE-2020-5256

BookStack before version 0.25.5 is vulnerable to remote code execution via image uploads, allowing an attacker to upload PHP files and execute code with the PHP process privileges. The issue affects scenarios where non-trusted users can upload images and was addressed by patches in v0.25.3, v0.25...

CVSS 9 | AI score 8.3 | EPSS 0.00675
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2020/03/09 3:50 p.m. | 13 views

CVE-2020-5256 Remote Code Execution Through Image Uploads in BookStack

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVSS 7.9 | AI score 8.8 | EPSS 0.00675
Exploits 0 | References 4

CNVD
added 2018/01/04 12:0 a.m. | 3 views

BookStack Cross-Site Scripting Vulnerability

BookStack is an open-source wiki documentation platform built with PHP and Laravel. A cross-site scripting vulnerability exists in BookStack version 0.18.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

CVSS 5.4 | AI score 6.5 | EPSS 0.0032
Exploits 1 | References 1

OSV
added 2018/01/03 8:29 p.m. | 8 views

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code...

CVSS 5.4 | AI score 5.7
Exploits 0 | References 1

Prion
added 2018/01/03 8:29 p.m. | 10 views

Cross site scripting

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code...

CVSS 3.5 | AI score 5.5 | EPSS 0.0032
Exploits 1 | References 1 | Affected Software 1

NVD
added 2018/01/03 8:29 p.m. | 10 views

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code...

CVSS 5.4 | AI score 5.4 | EPSS 0.0032
Exploits 1 | References 1

Cvelist
added 2018/01/03 8:0 p.m. | 11 views

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code...

AI score 5.5 | EPSS 0.0032
Exploits 1 | References 1

CVE
added 2018/01/03 8:0 p.m. | 43 views

CVE-2017-1000462

BookStack 0.18.4 is affected by a stored cross-site scripting vulnerability in the page creation page. The issue may disrupt service and allow execution of arbitrary JavaScript within affected pages. No remediation or patch details are provided in the connected documents. Exploitation status is n...

CVSS 5.4 | AI score 5.4 | EPSS 0.0032
Exploits 1 | References 1 | Affected Software 1