ssddanbrown/bookstack (Packagist)

10 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting ssddanbrown/bookstack
- CVE-2020-11055 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 0.29.2 | 2020-05-07
  vulnerable: v0.18.0 ... v0.29.1 (43 versions)
  In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would th…
- CVE-2020-26211 | HIGH | CVSS 7.7 | EG 7.7 | ✓ Fixed in 0.30.4 | 2020-11-03
  vulnerable: 0.7.2 ... v0.9.3 (93 versions)
  In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or su…
- CVE-2020-5256 | HIGH | CVSS 7.9 | EG 7.9 | ✓ Fixed in 0.25.5 | 2020-03-09
  vulnerable: 0.7.2 ... v0.9.3 (69 versions)
  BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP pro…
- CVE-2021-3915 | MEDIUM | CVSS 5.7 | EG 5.7 | ✓ Fixed in 21.0.3 | 2021-11-13
  vulnerable: 0.7.2 ... v0.9.3 (106 versions)
  bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
- CVE-2021-3944 | MEDIUM | CVSS 6.8 | EG 6.8 | ✓ Fixed in 21.11 | 2021-12-02
  vulnerable: 0.7.2 ... v21.10.3 (129 versions)
  bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
- CVE-2021-4026 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 21.11.2 | 2021-11-30
  vulnerable: 0.7.2 ... v21.11.1 (131 versions)
  bookstack is vulnerable to Improper Access Control
- CVE-2021-4119 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 21.11.3 | 2021-12-15
  vulnerable: 0.7.2 ... v21.11.2 (132 versions)
  bookstack is vulnerable to Improper Access Control
- CVE-2021-4194 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 21.12.1 | 2022-01-06
  vulnerable: 0.7.2 ... v21.12 (134 versions)
  bookstack is vulnerable to Improper Access Control
- CVE-2022-0877 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 22.02.3 | 2022-03-08
  vulnerable: 0.7.2 ... v22.02.2 (142 versions)
  Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.
- CVE-2024-36676 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 24.05.1 | 2024-07-09
  vulnerable: 0.7.2 ... v24.05 (192 versions)
  Incorrect access control in BookStack before v24.05.1 allows attackers to confirm existing system users and perform targeted notification email DoS via public facing forms.