Vulnerabilities > Bookstackapp > Bookstack > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-03 | CVE-2020-26211 | Unspecified vulnerability in Bookstackapp Bookstack In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. | 8.7 |
| 2020-11-03 | CVE-2020-26210 | Unspecified vulnerability in Bookstackapp Bookstack In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. | 8.7 |
| 2020-03-09 | CVE-2020-5256 | Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. | 8.8 |