Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.
References
Link | Resource |
---|---|
https://www.bookstackapp.com/docs/admin/security/#using-bookstack-content-externally | Vendor Advisory |
https://www.bookstackapp.com/blog/bookstack-release-v22-09/ | Release Notes Vendor Advisory |
https://jvn.jp/en/jp/JVN78862034/index.html | Release Notes Third Party Advisory |
Configurations
Information
Published : 2022-10-24 07:15
Updated : 2022-10-24 09:14
NVD link : CVE-2022-40690
Mitre link : CVE-2022-40690
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
bookstackapp
- bookstack