CVE-2020-5256
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...
CVE-2020-26210
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...
CVE-2020-26211
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...
Improper Access Control
ssddanbrown/bookstack is vulnerable to Improper Access Control. The vulnerability is due to a lack of proper validation in BookStack, which allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
BookStack Incorrect Access Control vulnerability
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
GHSA-PJ36-FCRG-327J BookStack Incorrect Access Control vulnerability
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
CVE-2024-36676
Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms...
BookStack Security Breach
BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A security vulnerability exists in BookStack versions prior to v24.05.1 that stems from the presence of faulty access controls that allow an attacker to identify existing system...
CVE-2024-36676
The CVE-2024-36676 entry concerns BookStack prior to v24.05.1, where an incorrect access control flaw allows an attacker to confirm existing system users and trigger a targeted notification email DoS via public-facing forms. The vulnerability is documented in multiple sources (e.g., BookStack rel...
PT-2024-27119 · Bookstack · Bookstack
Name of the Vulnerable Software and Affected Versions: BookStack versions prior to 24.05.1 Description: The issue is related to incorrect access control, allowing attackers to confirm existing system users and perform targeted notification email Denial of Service (DoS) via public-facing forms...
BookStack Code Issues Vulnerabilities
BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A code issue vulnerability exists in BookStack version 23.10.2 that stems from allowing filtering of local text on the server, leaving the application vulnerable to SSRF...
CVE-2023-4624
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08...
CVE-2023-4624 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08...
CVE-2023-4624
CVE-2023-4624: SSRF in BookStack (bookstackapp/bookstack) prior to v23.08. The issue is a server-side request forgery in the application’s handling of requests, enabling the server to be coerced into making unintended outbound requests. Affected product: BookStack software; vulnerable component/f...
PT-2023-29923 · Bookstack · Bookstack
Name of the Vulnerable Software and Affected Versions: bookstack versions prior to v23.08 Description: The issue is related to Server-Side Request Forgery (SSRF) in the GitHub repository bookstackapp/bookstack. This allows an attacker to make unauthorized requests on behalf of the server...
BookStack Code Issue Vulnerability
BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A code issue vulnerability exists in versions prior to BookStack v23.08 that stems from the presence of server-side request forgery (SSRF) in BookStack...