Bookstackapp

Bookstack

23 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.39%
  • Published 07.05.2020 21:15:11
  • Last modified 21.11.2024 04:56:41

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be execu...

  • EPSS 0.68%
  • Published 09.03.2020 16:15:15
  • Last modified 21.11.2024 05:33:46

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This ...

Exploit
  • EPSS 0.32%
  • Published 03.01.2018 20:29:00
  • Last modified 21.11.2024 03:04:47

BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.