Bookstackapp
Products
1-23 of 23 CVEs
Recent CVEs

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36676 | Bookstackapp / BookStack | High | 0.42 | 7.5 | 0.01 | | Jul 9, 2024 | Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms. |
| CVE-2017-1000462 | Bookstackapp / BookStack | Med | 0.35 | 5.4 | 0.01 | | Jan 3, 2018 | BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. |
| CVE-2026-5484 | Bookstackapp / BookStack | Med | 0.27 | 5.3 | 0.00 | | Apr 3, 2026 | A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access… |
| CVE-2023-6199 | Bookstackapp / BookStack | | 0.01 | — | 0.01 | | Nov 20, 2023 | Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. |
| CVE-2023-4624 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Aug 30, 2023 | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. |
| CVE-2022-40690 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Oct 24, 2022 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2022-0877 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Mar 8, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. |
| CVE-2021-4194 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Jan 6, 2022 | bookstack is vulnerable to Improper Access Control |
| CVE-2021-4119 | Bookstackapp / BookStack | | 0.00 | — | 0.27 | | Dec 15, 2021 | bookstack is vulnerable to Improper Access Control |
| CVE-2021-3944 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Dec 2, 2021 | bookstack is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4026 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Nov 30, 2021 | bookstack is vulnerable to Improper Access Control |
| CVE-2021-3915 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Nov 13, 2021 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2021-3916 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Nov 5, 2021 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2021-3906 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Oct 27, 2021 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2021-3874 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Oct 15, 2021 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2021-3768 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Sep 6, 2021 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3767 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Sep 6, 2021 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3758 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Sep 2, 2021 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) |
| CVE-2020-26260 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Dec 9, 2020 | BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server… |
| CVE-2020-26211 | Bookstackapp / BookStack | | 0.00 | — | 0.01 | | Nov 3, 2020 | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with… |