Vulnerabilities > Bookstackapp > Bookstack > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-30 | CVE-2023-4624 | Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | 2.4 |
| 2022-03-08 | CVE-2022-0877 | Cross-site Scripting vulnerability in Bookstackapp Bookstack Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | 3.5 |
| 2021-11-13 | CVE-2021-3915 | Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | 3.5 |
| 2021-09-06 | CVE-2021-3768 | Cross-site Scripting vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
| 2021-09-06 | CVE-2021-3767 | Cross-site Scripting vulnerability in Bookstackapp Bookstack bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 3.5 |
| 2020-11-03 | CVE-2020-26211 | Cross-site Scripting vulnerability in Bookstackapp Bookstack In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. | 3.5 |
| 2020-11-03 | CVE-2020-26210 | Cross-site Scripting vulnerability in Bookstackapp Bookstack In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. | 3.5 |
| 2020-05-07 | CVE-2020-11055 | Cross-site Scripting vulnerability in Bookstackapp Bookstack In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. | 3.5 |
| 2018-01-03 | CVE-2017-1000462 | Cross-site Scripting vulnerability in Bookstackapp Bookstack 0.18.4 BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. | 3.5 |