What is CVE-2020-26211?

CVE-2020-26211 is a high-severity vulnerability in Bookstackapp Bookstack, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2020-11-03.

How severe is CVE-2020-26211?

High severity. CVSS v3 base score is 7.7 out of 10.

Is CVE-2020-26211 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Bookstackapp Bookstack

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or form which would run, within the context of the current page, when clicked or su…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (63.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

Bookstackapp Bookstack — versions < 0.30.4

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

PercussiveElbow/PercussiveElbow

References

github.com/BookStackApp/BookStack/releases/tag/v0.30.4 (x_refsource_MISC)
github.com/BookStackApp/BookStack/security/advisories/GHSA-r2cf-8778-3jgp (x_refsource_CONFIRM)
github.com/BookStackApp/BookStack/commit/bbd1384acbe7e52c21f89af69f2dc391c95dbf… (x_refsource_MISC)
www.bookstackapp.com/blog/beta-release-v0-30-4/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-26211?: CVE-2020-26211 is a high-severity vulnerability in Bookstackapp Bookstack, classified under Cross-site Scripting. CVSS score: 7.7/10. Published 2020-11-03.
How severe is CVE-2020-26211?: High severity. CVSS v3 base score is 7.7 out of 10.
Is CVE-2020-26211 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.