2 matches found
CVE-2020-26210
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...
CVE-2020-26210
CVE-2020-26210 affects BookStack prior to version 0.30.4. A user with page-edit permissions could insert an attached link that executes untrusted JavaScript when a viewer clicks it, potentially leaving dangerous content in the database. The issue is fixed in 0.30.4. Workarounds include restrictin...