Bookstack@* Security Vulnerabilities and Issues — Bookstack@* CVE List

Lucene search

BookstackappBookstack*

4 matches found

CVE•added 2020/03/09 4:15 p.m.•68 views

CVE-2020-5256

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users ar...

9CVSS8.3AI score0.00675EPSS

CVE•added 2020/11/03 9:15 p.m.•46 views

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page ...

8.7CVSS8AI score0.00432EPSS

CVE•added 2020/11/03 7:15 p.m.•39 views

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the l...

8.7CVSS8.2AI score0.00432EPSS

CVE•added 2020/12/09 5:15 p.m.•30 views

CVE-2020-26260

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or ...

6.4CVSS6.2AI score0.00308EPSS