Bookstackapp Bookstack vulnerabilities
13 known vulnerabilities affecting bookstackapp/bookstackapp_bookstack.
Total CVEs: 13
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 11, LOW 1
Vulnerabilities
CVE-2021-4119 | P2 | CRITICAL | CVSS 9.8 | CWE-284 | versions ≥ unspecified, < 21.11.3 | 2021-12-15
bookstack is vulnerable to Improper Access Control
nvd
CVE-2021-3906 | P3 | MEDIUM | CVSS 6.5 | CWE-434 | versions ≥ unspecified, < 21.10.1 | 2021-10-27
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
nvd
CVE-2021-3916 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | versions ≥ unspecified, < 21.10.3 | 2021-11-05
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
nvd
CVE-2021-3874 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | versions ≥ unspecified, < 21.08.5 | 2021-10-15
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
nvd
CVE-2021-4194 | P4 | MEDIUM | CVSS 6.5 | CWE-284 | versions ≥ unspecified, < 21.12.1 | 2022-01-06
bookstack is vulnerable to Improper Access Control
nvd
CVE-2021-3758 | P4 | MEDIUM | CVSS 6.5 | CWE-918 | versions ≥ unspecified, < 21.08 | 2021-09-02
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
nvd
CVE-2021-3915 | P4 | MEDIUM | CVSS 5.7 | CWE-434 | versions ≥ unspecified, < 21.10.3 | 2021-11-13
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
nvd
CVE-2021-3944 | P4 | MEDIUM | CVSS 6.8 | CWE-352 | versions ≥ unspecified, < 21.11 | 2021-12-02
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-0877 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | versions ≥ unspecified, < v22.02.3 | 2022-03-08
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.
nvd
CVE-2021-3768 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | versions ≥ unspecified, < 21.08.2 | 2021-09-06
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-3767 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | versions ≥ unspecified, < 21.08.2 | 2021-09-06
bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-4026 | P4 | MEDIUM | CVSS 4.3 | CWE-284 | versions ≥ unspecified, < 21.11.2 | 2021-11-30
bookstack is vulnerable to Improper Access Control
nvd
CVE-2023-4624 | P4 | LOW | CVSS 2.4 | CWE-918 | versions ≥ unspecified, < v23.08 | 2023-08-30
Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.
nvd