CVE-2021-3767
published 2021-09-06CVE-2021-3767: bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
PriorityP423medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.58%
43.3th percentile
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bookstackapp | bookstack | < 21.08.2 | 21.08.2 |
| bookstackapp | bookstackapp_bookstack | >= unspecified < 21.08.2 | 21.08.2 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6wjr-v5v8-r9w2: bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ghsa_unreviewed·2022-05-24
CVE-2021-3767 [MEDIUM] CWE-79 GHSA-6wjr-v5v8-r9w2: bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Red Hat
ImageMagick: memory leak in AcquireSemaphoreMemory() in semaphore.c and AcquireMagickMemory() in memory.c
vendor_redhat·2021-06-01
CVE-2021-34183 CWE-401 ImageMagick: memory leak in AcquireSemaphoreMemory() in semaphore.c and AcquireMagickMemory() in memory.c
ImageMagick: memory leak in AcquireSemaphoreMemory() in semaphore.c and AcquireMagickMemory() in memory.c
[REJECTED CVE] ImageMagick has a memory leak in AcquireSemaphoreMemory in semaphore.c and AcquireMagickMemory in memory.c.
Statement: This CVE has been rejected Upstream: https://github.com/ImageMagick/ImageMagick/issues/3767#issuecomment-871458820
Red Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations.
As such, this CVE has been marked as "Rejected" in alignment with Red Hat's vulnerability management policies.
If you have
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980
2021-09-06
Published