196 matches found
CVE-2022-40690
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script...
CVE-2022-40690
CVE-2022-40690 is a cross-site scripting vulnerability in BookStack versions prior to v22.09. The issue allows a remote authenticated attacker to inject arbitrary JavaScript, executed in the browser of users accessing BookStack content (including via API usage). Affected component: BookStack web ...
BookStack vulnerable to cross-site scripting
Overview: BookStack contains a cross-site scripting vulnerability (CWE-79). Kenichi Okuno of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: An arbitrary script may be...
BookStack Cross-Site Scripting Vulnerability
BookStack is a simple, self-hosted, easy-to-use platform from BookStack, Inc. for organizing and storing information. A cross-site scripting vulnerability exists in versions prior to BookStack v22.09. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...
JVN#78862034: BookStack vulnerable to cross-site scripting
BookStack contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is accessing the site using the API of the product. Solution: Update the Software. Update the software to the latest version according to the information...
GHSA-CH37-CH8W-CFRQ Bookstack Cross-site Scripting vulnerability
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...
Bookstack Cross-site Scripting vulnerability
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...
GHSA-5RCC-6CMJ-7728 Cross-site Scripting in BookStack
Iframe tags don't have a sandbox attribute, which allows an attacker to execute malicious JavaScript via an iframe and perform phishing attacks. The sandbox attribute will block script execution and prevent the content from navigating its top-level browsing context, which will stop this type of...
CVE-2022-0877
CVE-2022-0877 affects the BookStack project (bookstackapp/bookstack). A stored Cross-site Scripting (XSS) vulnerability exists in the repository prior to v22.02.3. Public sources in the connected set confirm the issue and reference the affected version range, with remediation noted as upgrading to v2...
CVE-2022-0877 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3...
Github bookstack Cross-Site Scripting Vulnerability
Github bookstack is a platform for storing and organizing information and documents. A security vulnerability exists in Github bookstack. No information about the vulnerability is available at this time; please stay tuned to CNNVD or vendor announcements...
bookstack is vulnerable to Improper Access Control
bookstack is vulnerable to Improper Access Control...
GHSA-GHHM-XRWP-75M9 bookstack is vulnerable to Improper Access Control
bookstack is vulnerable to Improper Access Control...
bookstack Access Control Error Vulnerability (CNVD-2022-03208)
BookStack is the BookStackApp team's open source platform for building wiki documents using PHP and Laravel. bookstack suffers from an access control error vulnerability that stems from a network system or product that does not properly restrict access to resources from unauthorized roles...
Privilege Escalation
ssddanbrown/bookstack is vulnerable to privilege escalation. The vulnerability exists because it does not enforce access control to create a chapter within the chosen book...