33 matches found

Cvelist | added 2021/12/15 5:25 p.m. | 14 views

CVE-2021-4119 Improper Access Control in bookstackapp/bookstack

bookstack is vulnerable to Improper Access Control...

CVSS 5.3 | AI score 9.7 | EPSS 0.00425
Exploits: 1 | References: 2
CNVD | added 2021/12/04 12:00 a.m. | 21 views

bookstack cross-site request forgery vulnerability

BookStack is the BookStackApp team's open source platform for building wiki documents using PHP and Laravel. bookstack suffers from a cross-site request forgery vulnerability, which stems from the software's lack of validation against cross-site request forgery. An attacker could use this vulnerabili...

CVSS 6.8 | AI score 2.7 | EPSS 0.00068
Exploits: 1 | References: 1
Cvelist | added 2021/12/02 4:40 p.m. | 11 views

CVE-2021-3944 Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

bookstack is vulnerable to Cross-Site Request Forgery (CSRF)...

CVSS 3.1 | AI score 6.9 | EPSS 0.00068
Exploits: 1 | References: 2
Cvelist | added 2021/11/30 7:55 p.m. | 11 views

CVE-2021-4026 Improper Access Control in bookstackapp/bookstack

bookstack is vulnerable to Improper Access Control...

CVSS 6.5 | AI score 4.9 | EPSS 0.00215
Exploits: 1 | References: 2
Cvelist | added 2021/11/13 9:15 a.m. | 10 views

CVE-2021-3915 Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type...

CVSS 7.6 | AI score 5.8 | EPSS 0.00334
Exploits: 1 | References: 2
Huntr | added 2021/11/10 9:02 a.m. | 29 views

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description: Login CSRF via the /register/confirm/token endpoint. Proof of Concept: 1: Register an account with the same username as our victim; an email confirmation will take place. 2: Retrieve the token from the email. 3: Send a link http://BOOKSTACKAPPURL/register/confirm/token to the user. 4: When the user clicks...

CVSS 4 | AI score 0.1 | EPSS 0.00068
Exploits: 1
CNVD | added 2021/10/19 12:00 a.m. | 12 views

BookStack has an unspecified vulnerability

BookStack is the BookStackApp team's open source platform for building wiki documents using PHP and Laravel. BookStack suffers from a security vulnerability that stems from improper restriction of a pathname to a restricted directory in bookstack. An attacker could...

CVSS 6.5 | AI score 3.6 | EPSS 0.00378
Exploits: 1 | References: 1
Cvelist | added 2021/10/15 1:40 p.m. | 12 views

CVE-2021-3874 Path Traversal in bookstackapp/bookstack

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...

CVSS 4.3 | AI score 6.7 | EPSS 0.00378
Exploits: 1 | References: 2
Cvelist | added 2021/09/06 11:17 a.m. | 11 views

CVE-2021-3768 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...

CVSS 5.4 | AI score 5.8 | EPSS 0.00181
Exploits: 1 | References: 2
Cvelist | added 2021/09/02 12:06 p.m. | 12 views

CVE-2021-3758 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

bookstack is vulnerable to Server-Side Request Forgery (SSRF)...

CVSS 6.3 | AI score 6.7 | EPSS 0.0024
Exploits: 1 | References: 2
Huntr | added 2021/09/01 1:04 p.m. | 15 views

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

Description: There is an SVG tag filtration problem in the "book page" edit leading to stored XSS. SVG images can be used on book pages, but there is no server-side attribute filtration implemented for them. Proof of Concept: There is a filter for the href attribute, but inside SVG xlink:href is used. That...

CVSS 3.5 | AI score 0.1 | EPSS 0.00261
Exploits: 1
Huntr | added 2021/09/01 12:18 p.m. | 40 views

Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

Description: There is an HTML tag filtration problem in the "book page" edit leading to stored XSS. By design, "bad" tags and attributes are stripped on the client side when editing a page (an obvious bypass is editing the request intercepted via Burp), and on the server side an additional filter is applied; however, this filter can be...

CVSS 3.5 | AI score 5.5 | EPSS 0.00181
Exploits: 1
Huntr | added 2021/08/13 1:06 p.m. | 18 views

Server-Side Request Forgery (SSRF) in bookstackapp/bookstack

Description: A user with "Editor" rights can create a special book page containing a tag with a "src" property pointing to any external or internal resource. Exporting this page using the default domPdf will result in a request being fired from the server side. Proof of Concept: Updating the page with malicious...

CVSS 4 | AI score 0.1 | EPSS 0.0024
Exploits: 1