EPSS Percentile: 34.3%
ssddanbrown/bookstack is vulnerable to cross-site scripting (XSS). A lack of validation and sanitization allows a remote attacker to inject and execute arbitrary JavaScript in a user’s browser via the comments.
jvn.jp/en/jp/JVN41035278/index.html
bookstackapp.com/blog/beta-release-v0-29-2/
github.com/advisories/GHSA-5vf7-q87h-pg6w
github.com/BookStackApp/BookStack/releases/tag/v0.29.2
github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w
www.bookstackapp.com/blog/beta-release-v0-29-2/