Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bookstack vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-3768
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Bookstackapp Bookstack
3.5
CVSSv2
CVE-2020-26210
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have b...
Bookstackapp Bookstack
3.5
CVSSv2
CVE-2020-26211
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permis...
Bookstackapp Bookstack
1 Github repository
5.5
CVSSv2
CVE-2020-26260
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make serv...
Bookstackapp Bookstack
1 Github repository
4
CVSSv2
CVE-2021-4194
bookstack is vulnerable to Improper Access Control
Bookstackapp Bookstack
4
CVSSv2
CVE-2021-3916
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Bookstackapp Bookstack
3.5
CVSSv2
CVE-2021-3915
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Bookstackapp Bookstack
4
CVSSv2
CVE-2021-3944
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Bookstackapp Bookstack
4
CVSSv2
CVE-2021-3906
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Bookstackapp Bookstack
3.5
CVSSv2
CVE-2017-1000462
BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.
Bookstackapp Bookstack 0.18.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7028
memory leak
log injection
CVE-2024-3400
CVE-2022-48695
CVE-2022-48675
CVE-2024-34487
CVE-2024-33792
spoof
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2