Bookstackapp Bookstack
6 CVEs affecting Bookstackapp Bookstack. Latest disclosed: 2026-04-03. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-5256 | High | 7.9 | 2020-03-09 | BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code… |
| CVE-2020-26211 | High | 7.7 | 2020-11-03 | In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of `javascript:` URIs within a link or… |
| CVE-2020-26210 | High | 7.7 | 2020-11-03 | In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicke… |
| CVE-2020-26260 | Medium | 6.4 | 2020-12-09 | BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page co… |
| CVE-2020-11055 | Medium | 6.3 | 2020-05-07 | In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments… |
| CVE-2026-5484 | Medium | 5.3 | 2026-04-03 | A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of… |