Bookstackapp Bookstack

22 matches found

added 2022/03/08 1:15 p.m. (96 views)

CVE-2022-0877

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.

CVSS 7.6, AI score 5.4, EPSS 0.00283

added 2023/08/30 1:15 p.m. (88 views)

CVE-2023-4624

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.

CVSS 2.4, AI score 3.5, EPSS 0.00365

added 2020/05/07 9:15 p.m. (87 views)

CVE-2020-11055

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment...

CVSS 6.3, AI score 5.3, EPSS 0.00391

added 2024/07/09 10:15 p.m. (69 views)

CVE-2024-36676

Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.

CVSS 7.5, AI score 7, EPSS 0.00236

added 2020/03/09 4:15 p.m. (67 views)

CVE-2020-5256

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users ar...

CVSS 9, AI score 8.3, EPSS 0.00675

added 2021/12/15 8:15 p.m. (61 views)

CVE-2021-4119

bookstack is vulnerable to Improper Access Control

CVSS 9.8, AI score 7.2, EPSS 0.01494

added 2021/11/13 10:15 a.m. (59 views)

CVE-2021-3915

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

CVSS 7.6, AI score 5.7, EPSS 0.00334

added 2022/01/06 6:15 p.m. (56 views)

CVE-2021-4194

bookstack is vulnerable to Improper Access Control

CVSS 6.5, AI score 5.2, EPSS 0.0016

added 2023/11/20 11:15 p.m. (50 views)

CVE-2023-6199

Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.

CVSS 6.5, AI score 6.4, EPSS 0.12578

added 2021/11/30 8:15 p.m. (49 views)

CVE-2021-4026

bookstack is vulnerable to Improper Access Control

CVSS 6.5, AI score 4.7, EPSS 0.00215

added 2020/11/03 9:15 p.m. (45 views)

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page ...

CVSS 8.7, AI score 8, EPSS 0.00432

added 2021/12/02 5:15 p.m. (45 views)

CVE-2021-3944

bookstack is vulnerable to Cross-Site Request Forgery (CSRF)

CVSS 6.8, AI score 5.1, EPSS 0.00092

added 2022/10/24 2:15 p.m. (42 views)

CVE-2022-40690

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

CVSS 5.4, AI score 5.1, EPSS 0.00459

added 2020/11/03 7:15 p.m. (38 views)

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the l...

CVSS 8.7, AI score 8.2, EPSS 0.00432

added 2021/09/06 12:15 p.m. (38 views)

CVE-2021-3767

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS 5.4, AI score 5.4, EPSS 0.00261

added 2018/01/03 8:29 p.m. (36 views)

CVE-2017-1000462

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of JavaScript code.

CVSS 5.4, AI score 5.4, EPSS 0.0032

added 2021/10/27 10:15 p.m. (35 views)

CVE-2021-3906

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

CVSS 6.5, AI score 5.9, EPSS 0.00229

added 2021/11/05 3:15 p.m. (35 views)

CVE-2021-3916

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS 6.5, AI score 6.4, EPSS 0.0037

added 2021/09/06 12:15 p.m. (34 views)

CVE-2021-3768

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS 5.4, AI score 5.4, EPSS 0.00181

added 2021/09/02 12:15 p.m. (31 views)

CVE-2021-3758

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

CVSS 6.5, AI score 6.4, EPSS 0.00184

added 2020/12/09 5:15 p.m. (28 views)

CVE-2020-26260

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/or ...

CVSS 6.4, AI score 6.2, EPSS 0.00308

added 2021/10/15 2:15 p.m. (28 views)

CVE-2021-3874

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS 6.5, AI score 5.3, EPSS 0.00378