33 matches found
EUVD-2026-18819
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...
CVE-2026-5484
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...
CVE-2026-5484 BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible...
CVE-2022-0877
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3...
EUVD-2022-1328
Malicious code in bioql PyPI...
EUVD-2023-54477
Malicious code in bioql PyPI...
Exploit for Server-Side Request Forgery in Bookstackapp Bookstack
phpfilterchainoraclepoc Overview The Synacktiv team pu...
Exploit for Server-Side Request Forgery in Bookstackapp Bookstack
PHP filter chains: file read from error-based oracle. Updated...
CVE-2023-4624
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08...
Server side request forgery (ssrf)
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08...
CVE-2023-4624 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08...
CVE-2023-4624
CVE-2023-4624: SSRF in BookStack (bookstackapp/bookstack) prior to v23.08. The issue is a server-side request forgery in the application’s handling of requests, enabling the server to be coerced into making unintended outbound requests. Affected product: BookStack software; vulnerable component/f...
BookStackApp BookStack Improper Access Control (CVE-2021-4119)
An improper access control vulnerability exists in BookStackApp BookStack. Successful exploitation of this vulnerability could allow a remote attacker to read sensitive files on the affected system...
CVE-2022-0877
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3...
CVE-2022-0877
CVE-2022-0877 affects the BookStack project (bookstackapp/bookstack). A stored Cross-site Scripting (XSS) vulnerability exists in the repository prior to v22.02.3. Public sources in the connected set confirm the issue and reference the affected version range, with remediation noted as upgrading to v2...
CVE-2022-0877 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3...
CVE-2021-4194 Improper Access Control in bookstackapp/bookstack
bookstack is vulnerable to Improper Access Control...
Improper Access Control in bookstackapp/bookstack
Description: parentChapter permissions are not enforced during sort. Users with only book-update permissions on their own page can move their pages into restricted chapters via modifying the parentChapter id in the sortmap. Users do not need to have access to restricted books / chapter in order to...