Skip to main content

Bookstack

19 CVEs product

Monthly

CVE-2023-6199 MEDIUM POC This Month

Book Stack version 23.10.2 allows filtering local files on the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-4624 LOW POC PATCH Monitor

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD GitHub
CVSS 3.1
2.4
EPSS
0.5%
CVE-2022-40690 MEDIUM This Month

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2022-0877 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-4119 PHP CRITICAL POC PATCH THREAT Act Now

bookstack is vulnerable to Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
CVSS 3.1
9.8
EPSS
26.9%
CVE-2021-3944 PHP MEDIUM POC PATCH This Month

bookstack is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Bookstack
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2021-4026 PHP MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-3915 PHP MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
5.7
EPSS
0.9%
CVE-2021-3916 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-3906 MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-3874 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-3768 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3767 MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-3758 MEDIUM POC PATCH This Month

bookstack is vulnerable to Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Bookstack
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2020-26260 MEDIUM This Month

BookStack is a platform for storing and organising information and documentation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bookstack
NVD GitHub
CVSS 3.1
6.4
EPSS
0.8%
CVE-2020-26211 PHP HIGH PATCH This Week

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bookstack
NVD GitHub
CVSS 3.1
8.7
EPSS
1.1%
CVE-2020-26210 HIGH POC PATCH This Week

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
CVSS 3.1
8.7
EPSS
1.2%
CVE-2020-11055 PHP MEDIUM PATCH This Month

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-5256 PHP HIGH PATCH This Week

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Code Injection PHP Bookstack
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Book Stack version 23.10.2 allows filtering local files on the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD
EPSS 1% CVSS 2.4
LOW POC PATCH Monitor

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
EPSS 27% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

bookstack is vulnerable to Improper Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM POC PATCH This Month

bookstack is vulnerable to Cross-Site Request Forgery (CSRF). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Bookstack
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Access Control. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Bookstack
NVD GitHub
EPSS 1% CVSS 5.7
MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bookstack
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Bookstack
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC PATCH This Month

bookstack is vulnerable to Server-Side Request Forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Bookstack
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM This Month

BookStack is a platform for storing and organising information and documentation. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Bookstack
NVD GitHub
EPSS 1% CVSS 8.7
HIGH PATCH This Week

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bookstack
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bookstack
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bookstack
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Code Injection PHP +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy