10 matches found
CVE-2020-11055
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment...
CVE-2021-4194
bookstack is vulnerable to Improper Access Control
CVE-2023-6199
Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
CVE-2021-4026
bookstack is vulnerable to Improper Access Control
CVE-2021-3944
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3906
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
CVE-2021-3916
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-3758
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
CVE-2020-26260
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server side requests and/or ...
CVE-2021-3874
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')