CVE-2020-11055

low-risk
Published 2020-05-07

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines. This most impacts scenarios where not-trusted users are given permission to create comments. This has been fixed in 0.29.2.

Do I need to act?

-
0.39% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Bookstackapp

References (8)

Third Party Advisory http://jvn.jp/en/jp/JVN41035278/index.html
Release Notes https://bookstackapp.com/blog/beta-release-v0-29-2/
Release Notes https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2
Third Party Advisory https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6...
Third Party Advisory http://jvn.jp/en/jp/JVN41035278/index.html
Release Notes https://bookstackapp.com/blog/beta-release-v0-29-2/
Release Notes https://github.com/BookStackApp/BookStack/releases/tag/v0.29.2
Third Party Advisory https://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6...
29
/ 100
low-risk
Severity 23/34 · High
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal