Note: This project will be discontinued after December 13, 2021.
Product: Bookstack (Bookstackapp)
Repositories: Unknown. This might be proprietary software.
Number of vulnerabilities: 21
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2020-11-03 | CVE-2020-26210 | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing... | Bookstack | 8.7 | | |
2020-11-03 | CVE-2020-26211 | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to an alternative location upon visit of a page. Dangerous content may remain in the database but will be removed... | Bookstack | 8.7 | | |
2020-12-09 | CVE-2020-26260 | BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server-side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only... | Bookstack | 6.4 | | |
2021-09-02 | CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | Bookstack | 6.5 | | |
2021-09-06 | CVE-2021-3767 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Bookstack | 5.4 | | |
2021-09-06 | CVE-2021-3768 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Bookstack | 5.4 | | |
2021-10-15 | CVE-2021-3874 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Bookstack | 6.5 | | |
2021-10-27 | CVE-2021-3906 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | Bookstack | 6.5 | | |
2021-11-05 | CVE-2021-3916 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Bookstack | 6.5 | | |
2021-11-13 | CVE-2021-3915 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | Bookstack | 5.7 | | |