Search Results
- Keyword (text search): cpe:2.3:a:bookstackapp:bookstack:0.6.1:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2023-4624 | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Published: August 30, 2023; 9:15:15 AM -0400 | V4.0: (not available); V3.1: 2.4 LOW; V2.0: (not available) |
| CVE-2022-40690 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. Published: October 24, 2022; 10:15:52 AM -0400 | V4.0: (not available); V3.1: 5.4 MEDIUM; V2.0: (not available) |
| CVE-2022-0877 | Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. Published: March 08, 2022; 8:15:08 AM -0500 | V4.0: (not available); V3.1: 5.4 MEDIUM; V2.0: 3.5 LOW |
| CVE-2021-4194 | bookstack is vulnerable to Improper Access Control. Published: January 06, 2022; 1:15:07 PM -0500 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2021-4119 | bookstack is vulnerable to Improper Access Control. Published: December 15, 2021; 3:15:08 PM -0500 | V4.0: (not available); V3.1: 9.8 CRITICAL; V2.0: 7.5 HIGH |
| CVE-2021-3944 | bookstack is vulnerable to Cross-Site Request Forgery (CSRF). Published: December 02, 2021; 12:15:08 PM -0500 | V4.0: (not available); V3.1: 6.8 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2021-4026 | bookstack is vulnerable to Improper Access Control. Published: November 30, 2021; 3:15:07 PM -0500 | V4.0: (not available); V3.1: 4.3 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2021-3915 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Published: November 13, 2021; 5:15:07 AM -0500 | V4.0: (not available); V3.1: 5.7 MEDIUM; V2.0: 3.5 LOW |
| CVE-2021-3916 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Published: November 05, 2021; 11:15:07 AM -0400 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2021-3906 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Published: October 27, 2021; 6:15:07 PM -0400 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2021-3874 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Published: October 15, 2021; 10:15:07 AM -0400 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2021-3768 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Published: September 06, 2021; 8:15:08 AM -0400 | V4.0: (not available); V3.1: 5.4 MEDIUM; V2.0: 3.5 LOW |
| CVE-2021-3767 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Published: September 06, 2021; 8:15:08 AM -0400 | V4.0: (not available); V3.1: 5.4 MEDIUM; V2.0: 3.5 LOW |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF). Published: September 02, 2021; 8:15:07 AM -0400 | V4.0: (not available); V3.1: 6.5 MEDIUM; V2.0: 4.0 MEDIUM |
| CVE-2020-26260 | BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server-side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade. Published: December 09, 2020; 12:15:30 PM -0500 | V4.0: (not available); V3.1: 6.4 MEDIUM; V2.0: 5.5 MEDIUM |
| CVE-2020-26211 | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a page could insert a particular meta tag which could be used to silently redirect users to an alternative location upon visit of a page. Dangerous content may remain in the database but will be removed before being displayed on a page. If you think this could have been exploited, the linked advisory provides a SQL query to test. As a workaround without upgrading, page edit permissions could be limited to only those that are trusted until you can upgrade, although this will not address existing exploitation of this vulnerability. The issue is fixed in BookStack version 0.30.4. Published: November 03, 2020; 4:15:12 PM -0500 | V4.0: (not available); V3.1: 8.7 HIGH; V2.0: 3.5 LOW |
| CVE-2020-26210 | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited, the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade, although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4. Published: November 03, 2020; 2:15:13 PM -0500 | V4.0: (not available); V3.1: 8.7 HIGH; V2.0: 3.5 LOW |
| CVE-2020-5256 | BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area of the application. The issue was addressed in a series of patches in versions 0.25.3, 0.25.4 and 0.25.5. Users should upgrade to at least v0.25.5 to avoid this vulnerability. Published: March 09, 2020; 12:15:15 PM -0400 | V4.0: (not available); V3.1: 8.8 HIGH; V2.0: 9.0 HIGH |