Vulnerabilities > Bookstackapp > Bookstack > 0.29.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-15 | CVE-2021-3874 | Path Traversal vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 4.0 |
| 2021-09-06 | CVE-2021-3767 | Cross-site Scripting vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
| 2021-09-06 | CVE-2021-3768 | Cross-site Scripting vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
| 2021-09-02 | CVE-2021-3758 | Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 4.0 |
| 2020-12-09 | CVE-2020-26260 | Injection vulnerability in Bookstackapp Bookstack BookStack is a platform for storing and organising information and documentation. | 5.5 |
| 2020-11-03 | CVE-2020-26211 | Cross-site Scripting vulnerability in Bookstackapp Bookstack In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. | 3.5 |
| 2020-11-03 | CVE-2020-26210 | Cross-site Scripting vulnerability in Bookstackapp Bookstack In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. | 3.5 |