Vulnerabilities > Bookstackapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-6199 Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack 23.10.2
Book Stack version 23.10.2 allows filtering local files on the server.
network
low complexity
bookstackapp CWE-918
6.5
2022-10-24 CVE-2022-40690 Cross-site Scripting vulnerability in Bookstackapp Bookstack
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.
network
low complexity
bookstackapp CWE-79
5.4
2022-01-06 CVE-2021-4194 Incorrect Authorization vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Improper Access Control
network
low complexity
bookstackapp CWE-863
4.0
2021-12-02 CVE-2021-3944 Cross-Site Request Forgery (CSRF) vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
network
high complexity
bookstackapp CWE-352
4.0
2021-11-30 CVE-2021-4026 Incorrect Authorization vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Improper Access Control
network
low complexity
bookstackapp CWE-863
4.0
2021-11-05 CVE-2021-3916 Path Traversal vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
network
low complexity
bookstackapp CWE-22
4.0
2021-10-27 CVE-2021-3906 Unrestricted Upload of File with Dangerous Type vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
network
low complexity
bookstackapp CWE-434
4.0
2021-10-15 CVE-2021-3874 Path Traversal vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
network
low complexity
bookstackapp CWE-22
4.0
2021-09-02 CVE-2021-3758 Server-Side Request Forgery (SSRF) vulnerability in Bookstackapp Bookstack
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
network
low complexity
bookstackapp CWE-918
4.0
2020-12-09 CVE-2020-26260 Injection vulnerability in Bookstackapp Bookstack
BookStack is a platform for storing and organising information and documentation.
network
low complexity
bookstackapp CWE-74
5.5