exploitDog

CVE-2022-40690

Опубликовано: 24 окт. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

Ссылки

https://jvn.jp/en/jp/JVN78862034/index.html
Release Notes
Third Party Advisory
https://www.bookstackapp.com/blog/bookstack-release-v22-09/
Release Notes
Vendor Advisory
https://www.bookstackapp.com/docs/admin/security/#using-bookstack-content-externally
Vendor Advisory
https://jvn.jp/en/jp/JVN78862034/index.html
Release Notes
Third Party Advisory
https://www.bookstackapp.com/blog/bookstack-release-v22-09/
Release Notes
Vendor Advisory
https://www.bookstackapp.com/docs/admin/security/#using-bookstack-content-externally
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*

Версия до 22.09 (исключая)

EPSS

Процентиль: 59%

0.00373

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-fxr6-45h7-wgcx

CVSS3: 5.4

github

больше 3 лет назад

Cross-site scripting vulnerability in BookStack versions prior to v22.09 allows a remote authenticated attacker to inject an arbitrary script.

EPSS

Процентиль: 59%

0.00373

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

CWE-79