Known Vulnerabilities for products from BookStackApp
Listed below are 20 of the newest known vulnerabilities associated with the vendor "BookStackApp".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-5484 | | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2023-4624 | Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. | 2.4 - LOW | 2023-08-30 | 2023-09-01 |
| CVE-2022-40690 | Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an ... | 5.4 - MEDIUM | 2022-10-24 | 2022-10-24 |
| CVE-2022-0877 | Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3. | 5.4 - MEDIUM | 2022-03-08 | 2022-03-11 |
| CVE-2021-4194 | bookstack is vulnerable to Improper Access Control | 6.5 - MEDIUM | 2022-01-06 | 2022-07-25 |
| CVE-2021-4119 | bookstack is vulnerable to Improper Access Control | 9.8 - CRITICAL | 2021-12-15 | 2022-08-09 |
| CVE-2021-4026 | bookstack is vulnerable to Improper Access Control | 4.3 - MEDIUM | 2021-11-30 | 2022-08-09 |
| CVE-2021-3944 | bookstack is vulnerable to Cross-Site Request Forgery (CSRF) | 6.8 - MEDIUM | 2021-12-02 | 2021-12-04 |
| CVE-2021-3916 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 6.5 - MEDIUM | 2021-11-05 | 2021-11-09 |
| CVE-2021-3915 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | 5.7 - MEDIUM | 2021-11-13 | 2021-11-17 |
| CVE-2021-3906 | bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type | 6.5 - MEDIUM | 2021-10-27 | 2021-11-03 |
| CVE-2021-3874 | bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 6.5 - MEDIUM | 2021-10-15 | 2021-10-20 |
| CVE-2021-3768 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 - MEDIUM | 2021-09-06 | 2021-09-09 |
| CVE-2021-3767 | bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 5.4 - MEDIUM | 2021-09-06 | 2021-09-09 |
| CVE-2021-3758 | bookstack is vulnerable to Server-Side Request Forgery (SSRF) | 6.5 - MEDIUM | 2021-09-02 | 2021-09-10 |
| CVE-2020-26260 | BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user ... | 6.4 - MEDIUM | 2020-12-09 | 2020-12-10 |
| CVE-2020-26211 | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `j... | 8.7 - HIGH | 2020-11-03 | 2020-11-16 |
| CVE-2020-26210 | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute unt... | 8.7 - HIGH | 2020-11-03 | 2020-11-16 |
| CVE-2020-11055 | In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user ... | 5.4 - MEDIUM | 2020-05-07 | 2020-05-13 |
| CVE-2020-5256 | BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which... | 8.8 - HIGH | 2020-03-09 | 2020-03-10 |
Known software with vulnerabilities from BookStackApp
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Bookstackapp | Bookstack | - |