Product: Bookstack (Bookstackapp)
Repositories: Unknown. This might be proprietary software.

#Vulnerabilities 21
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-11-13 | CVE-2021-3915 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | Bookstack | 5.7 | | |
| 2021-11-30 | CVE-2021-4026 | bookstack is vulnerable to Improper Access Control | Bookstack | 4.3 | | |
| 2021-12-02 | CVE-2021-3944 | bookstack is vulnerable to Cross-Site Request Forgery (CSRF) | Bookstack | 6.8 | | |
| 2021-12-15 | CVE-2021-4119 | bookstack is vulnerable to Improper Access Control | Bookstack | 9.8 | | |
| 2022-01-06 | CVE-2021-4194 | bookstack is vulnerable to Improper Access Control | Bookstack | 6.5 | | |
| 2022-03-08 | CVE-2022-0877 | Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | Bookstack | 5.4 | | |
| 2022-10-24 | CVE-2022-40690 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. | Bookstack | 5.4 | | |
| 2023-08-30 | CVE-2023-4624 | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | Bookstack | 2.4 | | |
| 2023-11-20 | CVE-2023-6199 | Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. | Bookstack | 6.5 | | |
| 2020-05-07 | CVE-2020-11055 | In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore run on other user machines. This most impacts scenarios where not-trusted users are given permission to create... | Bookstack | N/A | | |