Vendor CVEs
Bookstackapp
All CVEs
23 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36676 | | High | 0.42 | 7.5 | 0.01 | | Jul 9, 2024 | Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms. |
| CVE-2017-1000462 | | Medium | 0.35 | 5.4 | 0.01 | | Jan 3, 2018 | BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. |
| CVE-2026-5484 | | Medium | 0.27 | 5.3 | 0.00 | | Apr 3, 2026 | A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access… |
| CVE-2023-6199 | | | 0.01 | — | 0.01 | | Nov 20, 2023 | Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF. |
| CVE-2023-4624 | | | 0.00 | — | 0.01 | | Aug 30, 2023 | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. |
| CVE-2022-40690 | | | 0.00 | — | 0.01 | | Oct 24, 2022 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. |
| CVE-2022-0877 | | | 0.00 | — | 0.01 | | Mar 8, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. |
| CVE-2021-4194 | | | 0.00 | — | 0.01 | | Jan 6, 2022 | bookstack is vulnerable to Improper Access Control |
| CVE-2021-4119 | | | 0.00 | — | 0.27 | | Dec 15, 2021 | bookstack is vulnerable to Improper Access Control |
| CVE-2021-3944 | | | 0.00 | — | 0.01 | | Dec 2, 2021 | bookstack is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4026 | | | 0.00 | — | 0.01 | | Nov 30, 2021 | bookstack is vulnerable to Improper Access Control |
| CVE-2021-3915 | | | 0.00 | — | 0.01 | | Nov 13, 2021 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2021-3916 | | | 0.00 | — | 0.01 | | Nov 5, 2021 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2021-3906 | | | 0.00 | — | 0.01 | | Oct 27, 2021 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type |
| CVE-2021-3874 | | | 0.00 | — | 0.01 | | Oct 15, 2021 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2021-3768 | | | 0.00 | — | 0.01 | | Sep 6, 2021 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3767 | | | 0.00 | — | 0.01 | | Sep 6, 2021 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3758 | | | 0.00 | — | 0.01 | | Sep 2, 2021 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) |
| CVE-2020-26260 | | | 0.00 | — | 0.01 | | Dec 9, 2020 | BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server… |
| CVE-2020-26211 | | | 0.00 | — | 0.01 | | Nov 3, 2020 | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with… |
| CVE-2020-26210 | | | 0.00 | — | 0.01 | | Nov 3, 2020 | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have… |
| CVE-2020-11055 | | | 0.00 | — | 0.01 | | May 7, 2020 | In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users… |
| CVE-2020-5256 | | | 0.00 | — | 0.02 | | Mar 9, 2020 | BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where… |