How severe is CVE-2020-26260?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2020-26260?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2020-26260 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade.

Related Vulnerabilities

CVE-2015-10040

MEDIUM

CVSS:6.5(Medium)

A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Han...

CWE-742015

CVE-2016-0881

MEDIUM

CVSS:6.5(Medium)

EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and obtain sensitive repository informatio...

CWE-742016

CVE-2016-10761

MEDIUM

CVSS:6.5(Medium)

Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.

CWE-742016

CVE-2016-6473

MEDIUM

CVSS:6.5(Medium)

A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series Switches could allow an unauthenticated, adjacent attacker to cause a Layer 2 network storm. More Information: CSCuu69332, CSCux...

CWE-742016

CVE-2017-8458

MEDIUM

CVSS:6.5(Medium)

Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example...

CWE-742017

CVE-2019-3498

MEDIUM

CVSS:6.5(Medium)

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defau...

CWE-742019