Vulnerability Details: CVE-2020-26210
In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited, the linked advisory provides a SQL query to test. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade, although this will not address existing exploitation of this vulnerability. The issue is fixed in version 0.30.4.
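As an added illustration (not BookStack's own code, and not the advisory's SQL query), a server-side check in Python of the kind that closes this class of bug: a user-supplied attachment link is normalised the way a browser parses a URL, only allowlisted schemes are stored, and the same check is run as an audit over constructed sample rows standing in for links already in the database. The scheme allowlist and the (id, link) row shape are assumptions.

```python
import re
from urllib.parse import urlsplit

# Schemes a link attachment may legitimately use: an allowlist chosen for this
# example (javascript:, data: and vbscript: are deliberately absent).
ALLOWED_SCHEMES = {"http", "https", "mailto", "ftp"}

# Browsers strip leading/trailing C0 controls and spaces from a URL and drop
# tab/CR/LF anywhere, so a link that differs from "javascript:" only by such
# characters still runs as script. Normalise the same way before inspecting.
_EDGE_CONTROLS = "".join(chr(c) for c in range(0x21)) + "\x7f"
_INNER_CONTROLS = re.compile(r"[\t\r\n]")

def normalise_link(link: str) -> str:
    """Mirror the browser's URL pre-processing so the scheme checked here
    is the scheme the browser will act on."""
    return _INNER_CONTROLS.sub("", link.strip(_EDGE_CONTROLS))

def validate_attachment_link(link: str):
    """Return the normalised link if it is safe to store, else None.
    Relative links (no scheme) are accepted; absolute links must use an
    allowlisted scheme. The scheme is lowercased, so 'JavaScript:' is
    caught just like 'javascript:'."""
    cleaned = normalise_link(link)
    if not cleaned:
        return None
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:  # e.g. malformed IPv6 host: never store the unparseable
        return None
    return cleaned if scheme == "" or scheme in ALLOWED_SCHEMES else None

def audit_stored_links(rows):
    """Return ids of already-stored (id, link) rows that fail validation.
    The advisory warns dangerous content may remain after upgrading, so
    existing rows need the check as much as new input does."""
    return [row_id for row_id, link in rows if validate_attachment_link(link) is None]

if __name__ == "__main__":
    # Constructed sample rows, shaped the way an attachments table might be.
    sample_rows = [
        (1, "https://example.org/manual.pdf"),
        (2, "/uploads/files/notes.txt"),
        (3, "JavaScript:alert(document.cookie)"),
        (4, " \tjavascript:alert(1)"),
        (5, "mailto:team@example.org"),
    ]
    print("rows needing review:", audit_stored_links(sample_rows))  # [3, 4]
```

Rows flagged by the audit are the ones to review by hand before deciding whether the stored link is removed or rewritten; the check rejects rather than rewrites, because silently "fixing" a hostile link hides the fact that it was planted.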
Vulnerability category: Cross-site scripting (XSS)
Products affected by CVE-2020-26210
- cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-26210
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- Percentile: ~58% (the proportion of vulnerabilities that are scored at or below this score)
CVSS scores for CVE-2020-26210
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N | 6.8 | 2.9 | NIST
8.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N | 2.3 | 5.8 | NIST
7.7 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N | 1.3 | 5.8 | GitHub, Inc.
CWE ids for CVE-2020-26210
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (Assigned by: security-advisories@github.com, Primary)
References for CVE-2020-26210
- https://bookstackapp.com/blog/beta-release-v0-30-4/ (Beta Security Release v0.30.4 · BookStack): Exploit; Patch; Vendor Advisory
- https://github.com/BookStackApp/BookStack/security/advisories/GHSA-7p2j-4h6p-cq3h (Cross-Site Scripting Through Link Attachments · Advisory · BookStackApp/BookStack · GitHub): Exploit; Third Party Advisory
- https://github.com/BookStackApp/BookStack/commit/349162ea139556b2d25e09e155cec84e21cc9227 (Prevented possible XSS via link attachments · BookStackApp/BookStack@349162e · GitHub): Patch; Third Party Advisory
- https://github.com/BookStackApp/BookStack/releases/tag/v0.30.4 (Release BookStack Beta v0.30.4 · BookStackApp/BookStack · GitHub): Third Party Advisory