Vulnerabilities > Bookstackapp

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2021-10-27 | CVE-2021-3906 | Unspecified vulnerability in Bookstackapp Bookstack | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | network | low | bookstackapp | | 6.5 |
| 2021-10-15 | CVE-2021-3874 | Path Traversal vulnerability in Bookstackapp Bookstack | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | network | low | bookstackapp | CWE-22 | 6.5 |
| 2021-09-06 | CVE-2021-3767 | Cross-site Scripting vulnerability in Bookstackapp Bookstack | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | network | low | bookstackapp | CWE-79 | 5.4 |
| 2021-09-06 | CVE-2021-3768 | Cross-site Scripting vulnerability in Bookstackapp Bookstack | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | network | low | bookstackapp | CWE-79 | 5.4 |
| 2021-09-02 | CVE-2021-3758 | Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | network | low | bookstackapp | CWE-918 | 6.5 |
| 2020-12-09 | CVE-2020-26260 | Injection vulnerability in Bookstackapp Bookstack | BookStack is a platform for storing and organising information and documentation. | network | low | bookstackapp | CWE-74 | 6.4 |
| 2020-11-03 | CVE-2020-26211 | Unspecified vulnerability in Bookstackapp Bookstack | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. | network | low | bookstackapp | | 8.7 |
| 2020-11-03 | CVE-2020-26210 | Unspecified vulnerability in Bookstackapp Bookstack | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. | network | low | bookstackapp | | 8.7 |
| 2020-05-07 | CVE-2020-11055 | Cross-site Scripting vulnerability in Bookstackapp Bookstack | In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. | network | low | bookstackapp | CWE-79 | 5.4 |
| 2020-03-09 | CVE-2020-5256 | Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack | BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. | network | low | bookstackapp | CWE-434 | 8.8 |