CVE-2020-26210

Name of the Vulnerable Software and Affected Versions BookStack versions prior to 0.30.4

Description The issue allows a user with page edit permissions to add an attached link that executes untrusted JavaScript code when clicked by a viewer. This could lead to the execution of malicious code. Dangerous content may remain in the database even after updating.

Recommendations For versions prior to 0.30.4, upgrade to version 0.30.4 to fix the issue. As a temporary workaround, consider limiting page edit permissions to only trusted users, although this will not address existing exploitation of the issue. If you suspect exploitation, use the provided SQL query to test for dangerous content in the database.