What is CVE-2020-26210?

CVE-2020-26210 is a high-severity vulnerability in Bookstackapp Bookstack, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2020-11-03.

How severe is CVE-2020-26210?

High severity. CVSS v3 base score is 7.7 out of 10.

XSS in Bookstackapp Bookstack

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after th…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (63.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

Bookstackapp Bookstack — versions < 0.30.4

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h (x_refsource_CONFIRM)
github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc92… (x_refsource_MISC)
bookstackapp.com/blog/beta-release-v0-30-4/ (x_refsource_MISC)
github.com/BookStackApp/BookStack/releases/tag/v0.30.4 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26210?: CVE-2020-26210 is a high-severity vulnerability in Bookstackapp Bookstack, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2020-11-03.
How severe is CVE-2020-26210?: High severity. CVSS v3 base score is 7.7 out of 10.