Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2020-26210
HistoryNov 03, 2020 - 7:15 p.m.

CVE-2020-26210

2020-11-0319:15:13
Google
osv.dev
3
bookstack
untrusted javascript
execution
security
update

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4.

Related

cve 1
prion 1
nvd 1
cvelist 1
cve
cve
CVE-2020-26210
2020-11-03 19:15:13
prion
prion
Code injection
2020-11-03 19:15:00
nvd
nvd
CVE-2020-26210
2020-11-03 19:15:13
cvelist
cvelist
CVE-2020-26210 Cross-Site Scripting in BookStack
2020-11-03 18:20:15

AI Score

7.4

Confidence

Low

EPSS

0.002

Percentile

57.7%

JSON
Related for OSV:CVE-2020-26210
cve1prion1nvd1cvelist1