CVE-2022-0877 HIGH

CVE-2022-0877: Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack

Vendor Bookstackapp
Product bookstackapp/bookstack
Weakness CWE-79 · XSS
Published March 8, 2022
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

7.6/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.

Key dates

02Disclosure timeline

March 8, 2022 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10552 Flexmls® IDX Plugin <= 3.14.26 - Authenticated (Contributor+) Stored Cross-Site Scripting via API parameters CVE-2025-4684 BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets CVE-2024-21636 view_component Cross-site Scripting vulnerability CVE-2021-32539 Hundred Plus 101EIP - Stored XSS-1 CVE-2025-59756 Multiple vulnerabilities in AndSoft's e-TMS