VYPR

Bookstackapp/bookstack

by Bookstackapp

CVEs (23)

  • CVE-2020-26210 (Nov 3, 2020)
    risk 0.00 | cvss | epss 0.01

    In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have…

  • CVE-2020-11055 (May 7, 2020)
    risk 0.00 | cvss | epss 0.01

    In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to other users…

  • CVE-2020-5256 (Mar 9, 2020)
    risk 0.00 | cvss | epss 0.02

    BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where…
