Vulnerabilities
Vulnerable Software
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Score
4.3
EPSS Score
0.004
Published
2021-10-15
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-06
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-06
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
CVSS Score
6.3
EPSS Score
0.002
Published
2021-09-02
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permission to edit a page could set certain image URLs to manipulate functionality in the exporting system, which would allow them to make server-side requests and/or access a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions can be limited to trusted users only until you can upgrade.
CVSS Score
6.4
EPSS Score
0.003
Published
2020-12-09

