VYPR

Packagist (Composer) package

ssddanbrown/bookstack

pkg:composer/ssddanbrown/bookstack

Vulnerabilities (10)

  • CVE-2024-36676 (High), Jul 9, 2024
    affected < 24.05.1; fixed 24.05.1

    Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.

  • CVE-2022-0877, Mar 8, 2022
    affected < 22.02.3; fixed 22.02.3

    Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.

  • CVE-2021-4194, Jan 6, 2022
    affected < 21.12.1; fixed 21.12.1

    bookstack is vulnerable to Improper Access Control

  • CVE-2021-4119, Dec 15, 2021
    affected < 21.11.3; fixed 21.11.3

    bookstack is vulnerable to Improper Access Control

  • CVE-2021-3944, Dec 2, 2021
    affected < 21.11; fixed 21.11

    bookstack is vulnerable to Cross-Site Request Forgery (CSRF)

  • CVE-2021-4026, Nov 30, 2021
    affected < 21.11.2; fixed 21.11.2

    bookstack is vulnerable to Improper Access Control

  • CVE-2021-3915, Nov 13, 2021
    affected < 21.0.3; fixed 21.0.3

    bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

  • CVE-2020-26211, Nov 3, 2020
    affected < 0.30.4; fixed 0.30.4

    In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permis

  • CVE-2020-11055, May 7, 2020
    affected >= 0.18.0, < 0.29.2; fixed 0.29.2

    In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users

  • CVE-2020-5256, Mar 9, 2020
    affected < 0.25.5; fixed 0.25.5

    BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where n