Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

BookStackApp — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting BookStackApp. AI-powered Chinese analysis, POCs, and references for each vulnerability.

BookStackApp serves as a self-hosted platform for organizing and storing documentation through hierarchical page structures. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with 19 CVEs documented. Notable security characteristics include its PHP-based architecture and frequent updates addressing authentication bypasses and input validation weaknesses. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities in earlier versions highlights the importance of maintaining current installations to mitigate risks associated with its web interface and database interactions.

Top products by BookStackApp: bookstackapp/bookstack BookStack
CVE IDTitleCVSSSeverityPublished
CVE-2026-5484 BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control — BookStackCWE-284 5.3 Medium2026-04-03
CVE-2023-4624 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack — bookstackapp/bookstackCWE-918 7.5 -2023-08-30
CVE-2022-0877 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack — bookstackapp/bookstackCWE-79 5.4 -2022-03-08
CVE-2021-4194 Improper Access Control in bookstackapp/bookstack — bookstackapp/bookstackCWE-284 7.1 -2022-01-06
CVE-2021-4119 Improper Access Control in bookstackapp/bookstack — bookstackapp/bookstackCWE-284 7.1 -2021-12-15
CVE-2021-3944 Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack — bookstackapp/bookstackCWE-352 6.5 -2021-12-02
CVE-2021-4026 Improper Access Control in bookstackapp/bookstack — bookstackapp/bookstackCWE-284 7.1 -2021-11-30
CVE-2021-3915 Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack — bookstackapp/bookstackCWE-434 7.3 -2021-11-13
CVE-2021-3916 Path Traversal in bookstackapp/bookstack — bookstackapp/bookstackCWE-22 6.5 -2021-11-05
CVE-2021-3906 Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack — bookstackapp/bookstackCWE-434 7.3 -2021-10-27
CVE-2021-3874 Path Traversal in bookstackapp/bookstack — bookstackapp/bookstackCWE-22 6.5 -2021-10-15
CVE-2021-3768 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack — bookstackapp/bookstackCWE-79 5.4 -2021-09-06
CVE-2021-3767 Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack — bookstackapp/bookstackCWE-79 5.4 -2021-09-06
CVE-2021-3758 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack — bookstackapp/bookstackCWE-918 8.1 -2021-09-02
CVE-2020-26260 Server Side Request Forgery in BookStack — BookStackCWE-74 6.4 Medium2020-12-09
CVE-2020-26211 Cross-Site Scripting in BookStack — BookStackCWE-79 7.7 High2020-11-03
CVE-2020-26210 Cross-Site Scripting in BookStack — BookStackCWE-79 7.7 High2020-11-03
CVE-2020-11055 Cross-site Scripting in BookStack — BookStackCWE-79 6.3 Medium2020-05-07
CVE-2020-5256 Remote Code Execution Through Image Uploads in BookStack — BookStackCWE-95 7.9 High2020-03-09

This page lists every published CVE security advisory associated with BookStackApp. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.