CVE-2020-5256 — CVSS 7.9 (high): BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow…
CVE-2020-26210 — CVSS 7.7 (high): In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted…
CVE-2020-26211 — CVSS 7.7 (high): In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:`…
CVE-2023-6199 — CVSS 6.5 (medium): Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
CVE-2020-26260 — CVSS 6.4 (medium): BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with…
CVE-2020-11055 — CVSS 6.3 (medium): In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with…
CVE-2022-40690 — CVSS 5.4 (medium): Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary…
CVE-2021-3768 — CVSS 5.4 (medium): bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0877 — CVSS 5.4 (medium): Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.
CVE-2017-1000462 — CVSS 5.4 (medium): BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of…
CVE-2021-3767 — CVSS 5.4 (medium): bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')