CVE-2021-3768 MEDIUM

CVE-2021-3768: Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

Vendor Bookstackapp
Product bookstackapp/bookstack
Weakness CWE-79 · XSS
Published September 6, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Key dates

02Disclosure timeline

September 6, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-33311 @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options CVE-2025-13962 Divelogs Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes CVE-2023-32105 WordPress WPPizza Plugin <= 3.17.1 is vulnerable to Cross Site Scripting (XSS) CVE-2024-10719 Stored Cross-site Scripting (XSS) in phpipam/phpipam CVE-2025-53934 WeGIA vulnerable to Stored Cross-Site Scripting via endpoint 'control.php' parameter 'descricao_emergencia'