Vulnerabilities > Bookstackapp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-27 | CVE-2021-3906 | Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack. BookStack is vulnerable to Unrestricted Upload of File with Dangerous Type. | 6.5 |
2021-10-15 | CVE-2021-3874 | Path Traversal vulnerability in Bookstackapp Bookstack. BookStack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). | 6.5 |
2021-09-06 | CVE-2021-3767 | Cross-site Scripting vulnerability in Bookstackapp Bookstack. BookStack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 5.4 |
2021-09-06 | CVE-2021-3768 | Cross-site Scripting vulnerability in Bookstackapp Bookstack. BookStack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | 5.4 |
2021-09-02 | CVE-2021-3758 | Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack. BookStack is vulnerable to Server-Side Request Forgery (SSRF). | 6.5 |
2020-12-09 | CVE-2020-26260 | Injection vulnerability in Bookstackapp Bookstack. BookStack is a platform for storing and organising information and documentation. | 6.4 |
2020-11-03 | CVE-2020-26211 | Cross-site Scripting vulnerability in Bookstackapp Bookstack. In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. | 8.7 |
2020-11-03 | CVE-2020-26210 | Cross-site Scripting vulnerability in Bookstackapp Bookstack. In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. | 8.7 |
2020-05-07 | CVE-2020-11055 | Cross-site Scripting vulnerability in Bookstackapp Bookstack. In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. | 5.4 |
2020-03-09 | CVE-2020-5256 | Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack. BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. | 8.8 |