Bookstackapp ≫ Bookstack

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type

bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

bookstack is vulnerable to Server-Side Request Forgery (SSRF)

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which woul...

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Ad...

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. ...

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be execu...