Latest bookstackapp bookstack Vulnerabilities

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.
Bookstackapp Bookstack<23.08
Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.
Bookstackapp Bookstack<22.09
Bookstackapp Bookstack<22.02.3
bookstack is vulnerable to Improper Access Control
Bookstackapp Bookstack<21.12.1
bookstack is vulnerable to Improper Access Control
Bookstackapp Bookstack<=21.11.2
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Bookstackapp Bookstack<21.11
bookstack is vulnerable to Improper Access Control
Bookstackapp Bookstack<21.11.2
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Bookstackapp Bookstack<21.10.3
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Bookstackapp Bookstack<21.10.3
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Bookstackapp Bookstack<21.10.1
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Bookstackapp Bookstack<21.08.2
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URLs to manipulate...
Bookstackapp Bookstack<0.30.5
In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context ...
Bookstackapp Bookstack<0.30.4
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous cont...
Bookstackapp Bookstack<0.30.4
In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system t...
Bookstackapp Bookstack>=0.18.0<0.29.2
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would t...
Bookstackapp Bookstack<0.25.3

© 2024 SecAlerts Pty Ltd.