CVE-2020-11055

Description

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the comment. Through this vulnerability custom JavaScript code could be injected and therefore ran on other user machines. This most impacts scenarios where not-trusted users are given permission to create comments. This has been fixed in 0.29.2.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Affected products

bookstackapp / bookstack>= 0.18.0, < 0.29.2 – >= 0.18.0, < 0.29.2

References

VENDOR_ADVISORYhttps://github.com/BookStackApp/BookStack/security/advisories/GHSA-5vf7-q87h-pg6w
MISChttps://bookstackapp.com/blog/beta-release-v0-29-2/
PATCHhttps://github.com/BookStackApp/BookStack/releases/tag/v0.29.2
MISChttp://jvn.jp/en/jp/JVN41035278/index.html