Lucene search
K
BookstackappBookstack

10 matches found

CVE
CVE
added 2021/12/15 5:25 p.m.80 views

CVE-2021-4119

BookStack CVE-2021-4119 describes an Improper Access Control vulnerability in BookStack prior to version 21.11.3. The OSV/GHSA entries specify that a logged-in user with no privileges or a guest user (if public access is enabled) can access the /search/users/select endpoint (intended for admins) ...

9.8CVSS7.2AI score0.26893EPSS
CVE
CVE
added 2021/11/30 7:55 p.m.78 views

CVE-2021-4026

CVE-2021-4026 affects BookStack (open-source PHP/Laravel app). The vulnerability is an Improper Access Control in which users with API access can view attachments they should not have read access to, potentially exposing sensitive information. The issue is documented across multiple feeds (NVD en...

6.5CVSS4.7AI score0.00922EPSS
CVE
CVE
added 2021/11/13 9:15 a.m.77 views

CVE-2021-3915

CVE-2021-3915 affects BookStack (BookStackApp) and is due to a lack of file type restrictions in the controller, enabling Unrestricted Upload of files with dangerous types. Variants are noted across multiple feeds (NVD, CNVD, GHSA, RH—Red Hat) with exploit guidance not provided in the supplied do...

7.6CVSS5.7AI score0.0093EPSS
CVE
CVE
added 2021/12/02 4:40 p.m.61 views

CVE-2021-3944

CVE-2021-3944 affects BookStack. Multiple connected sources confirm a cross-site request forgery (CSRF) vulnerability in BookStack/BookStackApp, caused by insufficient CSRF validation. Documented details indicate the issue is CSRF without explicit exploitation vectors or patched versions in the p...

6.8CVSS5.1AI score0.00621EPSS
CVE
CVE
added 2021/11/05 2:50 p.m.55 views

CVE-2021-3916

CVE-2021-3916 affects BookStack (bookstackapp/bookstack). The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) in the web-facing file handling, enabling access to files under the storage directory via crafted pathnames. The PoC demonstrates traversa...

6.5CVSS6.4AI score0.01202EPSS
CVE
CVE
added 2021/10/27 9:20 p.m.52 views

CVE-2021-3906

CVE-2021-3906 affects BookStack (bookstackapp/bookstack) via Unrestricted Upload of File with Dangerous Type. The root cause is a validation bypass: trim is applied to single-quoted strings, so an extension like pngr becomes png after trimming, allowing dangerous files to pass validation. This en...

6.5CVSS5.9AI score0.00646EPSS
CVE
CVE
added 2021/09/06 11:17 a.m.51 views

CVE-2021-3767

BookStack (CVE-2021-3767) is affected by a stored Cross-site Scripting (XSS) vulnerability in bookstackapp/bookstack caused by improper neutralization of input during web page generation. Public descriptions and PoCs show injected SVG content (notably via SVG elements and xlink:href) can lead to ...

5.4CVSS5.4AI score0.0058EPSS
CVE
CVE
added 2021/09/06 11:17 a.m.51 views

CVE-2021-3768

CVE-2021-3768 affects BookStack and stems from Improper Neutralization of Input During Web Page Generation, enabling stored Cross-Site Scripting (XSS). The vulnerability affects input handling in bookstack app/book pages and can lead to leakage of administrator cookies and other impacts as descri...

5.4CVSS5.4AI score0.0058EPSS
CVE
CVE
added 2021/09/02 12:6 p.m.45 views

CVE-2021-3758

CVE-2021-3758 affects BookStack (bookstackapp/bookstack). The vulnerability is an SSRF flaw in how a page exported to PDF handles HTML content (e.g., an tag referencing external resources). The PoC shows server-side requests triggered during PDF export, enabling access to internal resources from...

6.5CVSS6.4AI score0.008EPSS
CVE
CVE
added 2021/10/15 1:40 p.m.43 views

CVE-2021-3874

CVE-2021-3874: Path traversal in bookstackapp/bookstack (BookStack) due to improper restriction of restricted-directory pathnames. Impact described in connected sources as exposure of sensitive files via crafted pathnames (e.g., accessing logs/.htaccess) in BookStack export/filesystem operations....

6.5CVSS5.3AI score0.01163EPSS