Description
In BookStack before version 0.30.4, a user with permission to edit a page could add an attached link that executed untrusted JavaScript when a viewer of the page clicked it (stored cross-site scripting via the link target). Upgrading does not remove dangerous links already stored in the database; if you think this could have been exploited, the linked advisory provides a SQL query to test for it. As a workaround, page edit permissions can be limited to trusted users until you can upgrade, although this will not address existing exploitation. The issue is fixed in version 0.30.4.
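The description above says only that an attached link could run JavaScript when clicked; the usual mechanism for that is a link target whose URL scheme is executable (javascript:, data:, vbscript:) rather than a resource locator. The following is an added example, not BookStack's own code and not the advisory's SQL query: it shows the vulnerable pattern (storing the editor-supplied URL as-is) beside a hardened one that allowlists the URL scheme, normalising the way browsers do so that case tricks and embedded tab/newline characters do not bypass the check, and it runs the same check over constructed sample rows to illustrate the "dangerous content may remain in the database" point. SAFE_SCHEMES, the record shape and the sample rows are assumptions for the illustration.

```python
import html
import re
from typing import Optional

# Assumption: schemes an attached link in a wiki page may legitimately use.
SAFE_SCHEMES = frozenset({"http", "https", "mailto", "tel", "ftp", "ftps"})

# A URL scheme is a letter followed by letters, digits, "+", "-" or ".", then ":".
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")


def canonical_scheme(href: str) -> Optional[str]:
    """Return the lower-cased scheme a browser would see, or None for a relative URL.

    Mirrors the URL parser's pre-processing: leading and trailing C0 control
    characters and spaces are trimmed, and tab/newline are removed anywhere,
    so "java\tscript:alert(1)" still resolves to the javascript scheme.
    """
    cleaned = href.strip("".join(chr(c) for c in range(0x21)))
    cleaned = re.sub(r"[\t\n\r]", "", cleaned)
    match = _SCHEME_RE.match(cleaned)
    return match.group(1).lower() if match else None


def is_safe_href(href: str) -> bool:
    """Relative URLs and allowlisted schemes pass; everything else is rejected."""
    scheme = canonical_scheme(href)
    return scheme is None or scheme in SAFE_SCHEMES


def store_link_vulnerable(name: str, href: str) -> dict:
    """Vulnerable pattern: the editor-supplied URL is stored without scheme validation."""
    return {"name": name, "link": href}


def store_link_hardened(name: str, href: str) -> dict:
    """Hardened pattern: refuse to store a link whose scheme is not allowlisted."""
    if not is_safe_href(href):
        raise ValueError(f"rejected link scheme: {canonical_scheme(href)!r}")
    return {"name": name, "link": href}


def render_link(record: dict) -> str:
    # Attribute escaping alone does not help here: "javascript:alert(1)" contains
    # nothing that needs escaping, so it survives into href unchanged.
    return '<a href="{}">{}</a>'.format(
        html.escape(record["link"], quote=True), html.escape(record["name"])
    )


# Constructed sample rows standing in for attachment links saved before the upgrade.
STORED_LINKS = [
    {"id": 1, "name": "Spec", "link": "https://example.com/spec.pdf"},
    {"id": 2, "name": "Notes", "link": "/uploads/notes.txt"},
    {"id": 3, "name": "Click me", "link": "javascript:alert(document.cookie)"},
    {"id": 4, "name": "Obfuscated", "link": " \tjAvA\nscript:alert(1)"},
    {"id": 5, "name": "Inline page", "link": "data:text/html,<script>alert(1)</script>"},
    {"id": 6, "name": "Contact", "link": "mailto:security@example.com"},
]


def find_dangerous(records) -> list:
    """IDs of already-stored links that the hardened check would have refused."""
    return [r["id"] for r in records if not is_safe_href(r["link"])]


if __name__ == "__main__":
    print("dangerous stored link ids:", find_dangerous(STORED_LINKS))
    print(render_link(store_link_vulnerable("Click me", "javascript:alert(1)")))
    try:
        store_link_hardened("Click me", "javascript:alert(1)")
    except ValueError as exc:
        print("hardened store:", exc)
```

The allowlist is deliberately a positive list of schemes rather than a denylist of "javascript"; new executable schemes, scheme casing and parser quirks all fall on the safe side of an allowlist. A bare host such as `localhost:8080/x` is parsed as scheme `localhost` by browsers and by this check alike, so editors have to write `http://` explicitly.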
References (4)
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h
Patch, Third Party Advisory x_refsource_misc
https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227
Exploit, Patch, Vendor Advisory x_refsource_misc
https://bookstackapp.com/blog/beta-release-v0-30-4/
Third Party Advisory x_refsource_misc
https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4
Scores
CVSS v3
7.7
EPSS
0.0043
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Details
CWE
CWE-79
Status
published
Products (1)
bookstackapp/bookstack
< 0.30.4
Published
Nov 03, 2020
Tracked Since
Feb 18, 2026