Search criteria
39 vulnerabilities found for wiki.js by Requarks
CVE-2025-56643 (GCVE-0-2025-56643)
Vulnerability from nvd – Published: 2025-11-18 00:00 – Updated: 2025-11-19 16:50
VLAI?
Summary
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-56643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:25:25.296035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:50:05.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:42:16.393Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/0xBS0D27/CVE-2025-56643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-56643",
"datePublished": "2025-11-18T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-11-19T16:50:05.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1681 (GCVE-0-2022-1681)
Vulnerability from nvd – Published: 2022-05-12 07:45 – Updated: 2024-08-03 00:10
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel in requarks/wiki
Summary
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
Severity ?
7.2 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| requarks | requarks/wiki |
Affected:
unspecified , < 2.5.281
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "requarks/wiki",
"vendor": "requarks",
"versions": [
{
"lessThan": "2.5.281",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T07:45:14",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
],
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1681",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "requarks/wiki",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.5.281"
}
]
}
}
]
},
"vendor_name": "requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"name": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c",
"refsource": "MISC",
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
]
},
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1681",
"datePublished": "2022-05-12T07:45:14",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23654 (GCVE-0-2022-23654)
Vulnerability from nvd – Published: 2022-02-22 20:05 – Updated: 2025-04-23 19:02
VLAI?
Title
Improper write access check in Requarks/wiki
Summary
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
Severity ?
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:44.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:50.514144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:02:06.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.276"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T20:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
}
],
"source": {
"advisory": "GHSA-3cv9-795v-6j7j",
"discovery": "UNKNOWN"
},
"title": "Improper write access check in Requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23654",
"STATE": "PUBLIC",
"TITLE": "Improper write access check in Requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.276"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"name": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
}
]
},
"source": {
"advisory": "GHSA-3cv9-795v-6j7j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23654",
"datePublished": "2022-02-22T20:05:11.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:02:06.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25993 (GCVE-0-2021-25993)
Vulnerability from nvd – Published: 2021-12-29 16:50 – Updated: 2025-04-30 15:43
VLAI?
Title
Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor
Summary
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
WhiteSource Vulnerability Research Team (WVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25993",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:27:28.139032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:43:38.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0-beta.147",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.5.255",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2021-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker\u2019s server and will lead to account takeover when accessed by the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-29T16:50:09.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
],
"solutions": [
{
"lang": "en",
"value": "Update version to 2.5.260 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-12-29T08:22:00.000Z",
"ID": "CVE-2021-25993",
"STATE": "PUBLIC",
"TITLE": "Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.0.0-beta.147"
},
{
"version_affected": "\u003c=",
"version_value": "2.5.255"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker\u2019s server and will lead to account takeover when accessed by the victim."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update version to 2.5.260 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25993",
"datePublished": "2021-12-29T16:50:09.782Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:43:38.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43855 (GCVE-0-2021-43855)
Vulnerability from nvd – Published: 2021-12-27 18:05 – Updated: 2024-08-04 04:10
VLAI?
Title
Stored XSS via SVG in Requarks/wiki
Summary
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users.
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.264"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:05:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
}
],
"source": {
"advisory": "GHSA-4893-pj5w-3hq9",
"discovery": "UNKNOWN"
},
"title": "Stored XSS via SVG in Requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43855",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via SVG in Requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.264"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.264",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"name": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
}
]
},
"source": {
"advisory": "GHSA-4893-pj5w-3hq9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43855",
"datePublished": "2021-12-27T18:05:16",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43856 (GCVE-0-2021-43856)
Vulnerability from nvd – Published: 2021-12-27 18:05 – Updated: 2024-08-04 04:10
VLAI?
Title
Stored XSS in non-image uploads in Requarks/wiki
Summary
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.264"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:05:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
}
],
"source": {
"advisory": "GHSA-rhpf-929m-7fm2",
"discovery": "UNKNOWN"
},
"title": "Stored XSS in non-image uploads in Requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43856",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in non-image uploads in Requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.264"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"name": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.264",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
}
]
},
"source": {
"advisory": "GHSA-rhpf-929m-7fm2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43856",
"datePublished": "2021-12-27T18:05:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43842 (GCVE-0-2021-43842)
Vulnerability from nvd – Published: 2021-12-20 22:30 – Updated: 2024-08-04 04:10
VLAI?
Title
Stored XSS via SVG file upload in Wiki.js
Summary
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.258 (development)"
},
{
"status": "affected",
"version": "\u003c 2.5.260 (production)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T22:30:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
}
],
"source": {
"advisory": "GHSA-3qv4-gp35-rgh7",
"discovery": "UNKNOWN"
},
"title": "Stored XSS via SVG file upload in Wiki.js",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43842",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via SVG file upload in Wiki.js"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.258 (development)"
},
{
"version_value": "\u003c 2.5.260 (production)"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"name": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.260",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
}
]
},
"source": {
"advisory": "GHSA-3qv4-gp35-rgh7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43842",
"datePublished": "2021-12-20T22:30:11",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43800 (GCVE-0-2021-43800)
Vulnerability from nvd – Published: 2021-12-06 18:50 – Updated: 2024-08-04 04:03
VLAI?
Title
Asset directory traversal with some storage modules on Windows
Summary
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git).
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.254"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T18:50:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
}
],
"source": {
"advisory": "GHSA-r363-73gj-6j25",
"discovery": "UNKNOWN"
},
"title": "Asset directory traversal with some storage modules on Windows",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43800",
"STATE": "PUBLIC",
"TITLE": "Asset directory traversal with some storage modules on Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.254"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"name": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.254",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
}
]
},
"source": {
"advisory": "GHSA-r363-73gj-6j25",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43800",
"datePublished": "2021-12-06T18:50:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21383 (GCVE-0-2021-21383)
Vulnerability from nvd – Published: 2021-03-18 17:10 – Updated: 2024-08-03 18:09
VLAI?
Title
XSS in Wiki.js
Summary
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.191"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `\u003cpre\u003e` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `\u003cpre\u003e` tags during the render."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T17:10:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
}
],
"source": {
"advisory": "GHSA-6xx4-m8gx-826r",
"discovery": "UNKNOWN"
},
"title": "XSS in Wiki.js",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21383",
"STATE": "PUBLIC",
"TITLE": "XSS in Wiki.js"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.191"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `\u003cpre\u003e` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `\u003cpre\u003e` tags during the render."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"name": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.191",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
}
]
},
"source": {
"advisory": "GHSA-6xx4-m8gx-826r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21383",
"datePublished": "2021-03-18T17:10:16",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15274 (GCVE-0-2020-15274)
Vulnerability from nvd – Published: 2020-10-26 18:35 – Updated: 2024-08-04 13:15
VLAI?
Title
Stored XSS via search result in Wiki.js
Summary
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results.
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.requarks.io/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki.js",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.162"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-26T18:35:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.requarks.io/releases"
}
],
"source": {
"advisory": "GHSA-pgjv-84m7-62q7",
"discovery": "UNKNOWN"
},
"title": "Stored XSS via search result in Wiki.js",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15274",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via search result in Wiki.js"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki.js",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.162"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"name": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"name": "https://docs.requarks.io/releases",
"refsource": "MISC",
"url": "https://docs.requarks.io/releases"
}
]
},
"source": {
"advisory": "GHSA-pgjv-84m7-62q7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15274",
"datePublished": "2020-10-26T18:35:19",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:15:19.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2025-56643
Vulnerability from fkie_nvd - Published: 2025-11-18 18:16 - Updated: 2025-12-31 02:06
Severity ?
Summary
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/0xBS0D27/CVE-2025-56643 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.5.307:*:*:*:*:*:*:*",
"matchCriteriaId": "9B79896A-E767-4CFF-A485-4F1332AA5AF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism."
}
],
"id": "CVE-2025-56643",
"lastModified": "2025-12-31T02:06:51.750",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-11-18T18:16:07.647",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/0xBS0D27/CVE-2025-56643"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-1681
Vulnerability from fkie_nvd - Published: 2022-05-12 08:15 - Updated: 2024-11-21 06:41
Severity ?
Summary
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
References
| URL | Tags | ||
|---|---|---|---|
| security@huntr.dev | https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c | Patch, Third Party Advisory | |
| security@huntr.dev | https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767 | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "349C71DA-8677-45E1-83F2-59C7EAB3E880",
"versionEndExcluding": "2.5.281",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
},
{
"lang": "es",
"value": "Una Omisi\u00f3n de la Autenticaci\u00f3n Mediante una Ruta o Canal Alternativo en el repositorio de GitHub requarks/wiki versiones anteriores a 2.5.281. El usuario puede conseguir permisos de usuario root"
}
],
"id": "CVE-2022-1681",
"lastModified": "2024-11-21T06:41:14.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "security@huntr.dev",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-05-12T08:15:07.370",
"references": [
{
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
},
{
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
}
],
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-288"
}
],
"source": "security@huntr.dev",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-23654
Vulnerability from fkie_nvd - Published: 2022-02-22 20:15 - Updated: 2024-11-21 06:49
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16272B7A-8766-4D95-8E5D-3CF9EE37283C",
"versionEndExcluding": "2.5.276",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation."
},
{
"lang": "es",
"value": "Wiki.js es una aplicaci\u00f3n wiki construida sobre Node.js. En las versiones afectadas, un usuario autenticado con acceso de escritura en un conjunto restringido de rutas puede actualizar una p\u00e1gina fuera de las rutas permitidas especificando un ID de p\u00e1gina de destino diferente mientras mantiene la ruta intacta. El control de acceso comprueba incorrectamente el acceso a la ruta con los valores proporcionados por el usuario en lugar de la ruta real asociada al ID de la p\u00e1gina. El commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b corrige esta vulnerabilidad comprobando el control de acceso en la ruta asociada al ID de la p\u00e1gina en lugar del valor proporcionado por el usuario. Cuando la ruta es diferente al valor actual, se realiza una segunda comprobaci\u00f3n de control de acceso en la ruta proporcionada por el usuario antes de la operaci\u00f3n de movimiento"
}
],
"id": "CVE-2022-23654",
"lastModified": "2024-11-21T06:49:01.803",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-22T20:15:07.817",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-25993
Vulnerability from fkie_nvd - Published: 2021-12-29 17:15 - Updated: 2024-11-21 05:55
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
References
| URL | Tags | ||
|---|---|---|---|
| vulnerabilitylab@mend.io | https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718 | Patch, Third Party Advisory | |
| vulnerabilitylab@mend.io | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| requarks | wiki.js | * | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 | |
| requarks | wiki.js | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD83DC6-EABC-44C2-B999-5AED4AF152B8",
"versionEndIncluding": "2.5.255",
"versionStartIncluding": "2.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta147:*:*:*:*:*:*",
"matchCriteriaId": "B7009727-51C4-411B-ABDA-7AE6EE71A38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta148:*:*:*:*:*:*",
"matchCriteriaId": "86DD5943-792E-46ED-93B1-159368F75A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta174:*:*:*:*:*:*",
"matchCriteriaId": "11946ED6-6D97-45AB-9C67-D015704F8113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta180:*:*:*:*:*:*",
"matchCriteriaId": "69D28FBD-01FD-4364-AE4E-BD6AB0F0B9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta203:*:*:*:*:*:*",
"matchCriteriaId": "B5084CD3-804F-4CE9-BBF2-7F2894AD3470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta208:*:*:*:*:*:*",
"matchCriteriaId": "297516C1-50BD-4A69-B3C3-A49B4A5554A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta230:*:*:*:*:*:*",
"matchCriteriaId": "BECE4F36-B10A-4BC4-95A8-A290180910B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta241:*:*:*:*:*:*",
"matchCriteriaId": "04596A42-81BB-4619-8DD4-193CD6B99E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta267:*:*:*:*:*:*",
"matchCriteriaId": "0163AB21-BF82-4B26-AB04-C4E92E6AEE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta268:*:*:*:*:*:*",
"matchCriteriaId": "A27DC6E9-2996-4193-9CC4-D154DA60B341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta275:*:*:*:*:*:*",
"matchCriteriaId": "28D50D42-B6DA-4015-9318-73555C76AA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:beta303:*:*:*:*:*:*",
"matchCriteriaId": "0B2CBA89-62A3-41BF-ABAE-89F774BD290B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D357DFD5-CEC4-424C-9EE6-125A3407C4F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:requarks:wiki.js:2.0.0:rc17:*:*:*:*:*:*",
"matchCriteriaId": "353C3D52-E183-4ECA-9224-A14E4E1028AD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker\u2019s server and will lead to account takeover when accessed by the victim."
},
{
"lang": "es",
"value": "En Requarks wiki.js, versiones 2.0.0-beta.147 a 2.5.255, est\u00e1n afectadas por una vulnerabilidad de tipo XSS almacenado, donde Un usuario poco privilegiado (editor) puede cargar un archivo SVG que contenga JavaScript malicioso mientras carga activos en la p\u00e1gina. Esto enviar\u00e1 los tokens JWT al servidor del atacante y conllevar\u00e1 a una toma de control de la cuenta cuando la v\u00edctima acceda a ella"
}
],
"id": "CVE-2021-25993",
"lastModified": "2024-11-21T05:55:45.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "vulnerabilitylab@mend.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-29T17:15:07.483",
"references": [
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"source": "vulnerabilitylab@mend.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
],
"sourceIdentifier": "vulnerabilitylab@mend.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "vulnerabilitylab@mend.io",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-43856
Vulnerability from fkie_nvd - Published: 2021-12-27 18:15 - Updated: 2024-11-21 06:29
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/releases/tag/2.5.264 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/releases/tag/2.5.264 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2 | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3F2ADB-A69D-403D-9A61-51A8644F42E0",
"versionEndExcluding": "2.5.264",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/"
},
{
"lang": "es",
"value": "Wiki.js es una aplicaci\u00f3n wiki construida sobre Node.js. Wiki.js versiones 2.5.263 y anteriores, son vulnerables a un ataque de tipo cross-site scripting almacenado por medio de una carga de archivos que no son de imagen para los tipos de archivos que pueden ser visualizados directamente en l\u00ednea en el navegador. Al crear un archivo malicioso que puede ejecutar JS en l\u00ednea cuando es visualizado en el navegador (por ejemplo, archivos XML), un usuario malicioso de Wiki.js puede realizar un ataque de tipo cross-site scripting almacenado. Esto permite al atacante ejecutar JavaScript malicioso cuando el archivo es visto directamente por otros usuarios. El archivo debe ser abierto directamente por el usuario y no ser\u00e1 desencadenado directamente en una p\u00e1gina Wiki.js normal. Un parche en la versi\u00f3n 2.5.264 corrige esta vulnerabilidad al a\u00f1adir un flag de descarga opcional forzado (habilitada por defecto) para todos los tipos de archivos que no sean de imagen, impidiendo que el archivo sea visualizado en l\u00ednea en el navegador. Como soluci\u00f3n, deshabilite la carga de archivos para todos los usuarios que no sean confiables. --- Gracias a @Haxatron por reportar esta vulnerabilidad. Informado inicialmente por medio de https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/"
}
],
"id": "CVE-2021-43856",
"lastModified": "2024-11-21T06:29:56.487",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-27T18:15:07.583",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-43855
Vulnerability from fkie_nvd - Published: 2021-12-27 18:15 - Updated: 2024-11-21 06:29
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/releases/tag/2.5.264 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/releases/tag/2.5.264 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9 | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1F3F2ADB-A69D-403D-9A61-51A8644F42E0",
"versionEndExcluding": "2.5.264",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users."
},
{
"lang": "es",
"value": "Wiki.js es una aplicaci\u00f3n wiki construida sobre node.js. Wiki.js versiones 2.5.263 y anteriores, es vulnerable a un ataque de tipo cross-site scripting almacenado por medio de una carga de archivos SVG realizada por medio de una petici\u00f3n personalizada con un tipo MIME falso. Al crear un archivo SVG dise\u00f1ado, un usuario malicioso de Wiki.js puede llevar a cabo un ataque de tipo Cross-site scripting almacenado. Esto permite al atacante ejecutar JavaScript malicioso cuando el SVG es visto directamente por otros usuarios. Los scripts no se ejecutan cuando se cargan dentro de una p\u00e1gina por medio de etiquetas \"(img)\" normales. El SVG malicioso s\u00f3lo puede subirse al dise\u00f1ar una petici\u00f3n personalizada al servidor con un tipo MIME falso. Un parche en la versi\u00f3n 2.5.264 corrige esta vulnerabilidad al a\u00f1adir una comprobaci\u00f3n adicional de la extensi\u00f3n del archivo al paso opcional (habilitado por defecto) de saneo de SVG a todas las subidas de archivos que coincidan con el tipo mime de SVG. Como soluci\u00f3n, deshabilite la carga de archivos para todos los usuarios que no sean confiables"
}
],
"id": "CVE-2021-43855",
"lastModified": "2024-11-21T06:29:56.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-27T18:15:07.520",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-43842
Vulnerability from fkie_nvd - Published: 2021-12-20 23:15 - Updated: 2024-11-21 06:29
Severity ?
Summary
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/releases/tag/2.5.260 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/releases/tag/2.5.260 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5060EB4-DBED-4595-9558-FDEC56ABB41A",
"versionEndIncluding": "2.5.257",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258."
},
{
"lang": "es",
"value": "Wiki.js es una aplicaci\u00f3n wiki construida sobre Node.js. Wiki.js versiones 2.5.257 y anteriores, son vulnerables a un ataque de tipo cross-site scripting almacenado mediante la carga de un archivo SVG. Al crear un archivo SVG dise\u00f1ado, un usuario malicioso de Wiki.js puede realizar un ataque de tipo cross-site scripting almacenado. Esto permite al atacante ejecutar JavaScript malicioso cuando el SVG es visto directamente por otros usuarios. Los scripts no son ejecutados cuando son cargados dentro de una p\u00e1gina por medio de etiquetas \"(img)\" normales. El commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 corrige esta vulnerabilidad al a\u00f1adir un paso opcional (habilitado por defecto) de saneo de SVG a todas las cargas de archivos que coincidan con el tipo mime de SVG. Como soluci\u00f3n, deshabilite la carga de archivos para todos los usuarios que no sean confiables. La versi\u00f3n 2.5.260 de Wiki.js es la primera versi\u00f3n de producci\u00f3n que contiene un parche. La versi\u00f3n 2.5.258 es la primera versi\u00f3n de desarrollo que contiene un parche y est\u00e1 disponible s\u00f3lo como imagen Docker como requarks/wiki:canary-2.5.258"
}
],
"id": "CVE-2021-43842",
"lastModified": "2024-11-21T06:29:54.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2021-12-20T23:15:29.300",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2021-43800
Vulnerability from fkie_nvd - Published: 2021-12-06 19:15 - Updated: 2024-11-21 06:29
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git).
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/releases/tag/2.5.254 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/releases/tag/2.5.254 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F37B6EF5-4E9C-45D3-94B5-370C3BAC2003",
"versionEndExcluding": "2.5.245",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git)."
},
{
"lang": "es",
"value": "Wiki.js es una aplicaci\u00f3n wiki construida sobre Node.js. En versiones anteriores a 2.5.254, un salto de directorio fuera del contexto de Wiki.js es posible cuando se habilita un m\u00f3dulo de almacenamiento con b\u00fasqueda de cach\u00e9 de activos locales en un host de Windows. Un usuario malicioso puede leer potencialmente cualquier archivo del sistema de archivos dise\u00f1ando una URL especial que permita saltar el directorio. Esto s\u00f3lo es posible en un servidor Wiki.js que es ejecutado en Windows, cuando un m\u00f3dulo de almacenamiento que implementa la cach\u00e9 de activos locales (por ejemplo, Sistema de archivos locales o Git) est\u00e1 habilitado y que ninguna soluci\u00f3n de firewall de aplicaciones web (por ejemplo, cloudflare) elimina las URL potencialmente maliciosas. El n\u00famero de commit 414033de9dff66a327e3f3243234852f468a9d85 corrige esta vulnerabilidad saneando la ruta antes de pasarla al m\u00f3dulo de almacenamiento. El paso de saneo elimina cualquier secuencia de salto de directorio de Windows de la ruta. Como soluci\u00f3n, deshabilite cualquier m\u00f3dulo de almacenamiento con capacidades de almacenamiento en cach\u00e9 de activos locales (Sistema de archivos local, Git)"
}
],
"id": "CVE-2021-43800",
"lastModified": "2024-11-21T06:29:49.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-06T19:15:07.670",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-21383
Vulnerability from fkie_nvd - Published: 2021-03-18 17:15 - Updated: 2024-11-21 05:48
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/releases/tag/2.5.191 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/releases/tag/2.5.191 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r | Exploit, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BA27C-823D-4E0A-A478-1E8CE5EC2EC8",
"versionEndExcluding": "2.5.191",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `\u003cpre\u003e` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `\u003cpre\u003e` tags during the render."
},
{
"lang": "es",
"value": "Wiki.js una aplicaci\u00f3n wiki de c\u00f3digo abierto construida sobre Node.js.\u0026#xa0;Wiki.js versiones anteriores a 2.5.191, es vulnerable a un ataque de tipo cross-site scripting almacenado por medio de expresiones mustache en bloques de c\u00f3digo.\u0026#xa0;Esta vulnerabilidad se presenta debido a que las expresiones mustache eran analizadas por Vue durante la inyecci\u00f3n de contenido a pesar de que est\u00e1 contenida dentro de un elemento \"(pre)\".\u0026#xa0;Al crear una p\u00e1gina wiki dise\u00f1ada, un usuario de Wiki.js malicioso puede organizar un ataque de tipo cross-site scripting almacenado.\u0026#xa0;Esto permite al atacante ejecutar JavaScript malicioso cuando otros usuarios visualizan la p\u00e1gina.\u0026#xa0;Para visualizar un ejemplo, consulte el Aviso de Seguridad de GitHub al que se hace referencia.\u0026#xa0;Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 corrige esta vulnerabilidad agregando la directiva v-pre a todas las etiquetas \"(pre)\" durante el renderizado"
}
],
"id": "CVE-2021-21383",
"lastModified": "2024-11-21T05:48:14.717",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-18T17:15:13.947",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-15274
Vulnerability from fkie_nvd - Published: 2020-10-26 19:15 - Updated: 2024-11-21 05:05
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://docs.requarks.io/releases | Release Notes, Vendor Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://docs.requarks.io/releases | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:requarks:wiki.js:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5184AE8-018D-4B51-9320-9F02BD92134F",
"versionEndExcluding": "2.5.162",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results."
},
{
"lang": "es",
"value": "En Wiki.js versiones anteriores a 2.5.162, una carga \u00fatil de tipo XSS puede ser inyectada en un t\u00edtulo de p\u00e1gina y ejecutada por medio de los resultados de b\u00fasqueda.\u0026#xa0;Si bien el t\u00edtulo se escapa apropiadamente tanto en los enlaces de navegaci\u00f3n como en el t\u00edtulo de la p\u00e1gina real, no es el caso en los resultados de b\u00fasqueda.\u0026#xa0;El commit a57d9af34c15adbf460dde6553d964efddf433de corrige esta vulnerabilidad (versi\u00f3n 2.5.162) al escapar apropiadamente el contenido de texto mostrado en los resultados de b\u00fasqueda"
}
],
"id": "CVE-2020-15274",
"lastModified": "2024-11-21T05:05:14.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-26T19:15:12.863",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.requarks.io/releases"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://docs.requarks.io/releases"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
CVE-2025-56643 (GCVE-0-2025-56643)
Vulnerability from cvelistv5 – Published: 2025-11-18 00:00 – Updated: 2025-11-19 16:50
VLAI?
Summary
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism.
Severity ?
9.1 (Critical)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-56643",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T16:25:25.296035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T16:50:05.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be reused to access the system, even after logout. This behavior affects session integrity and may allow unauthorized access if a token is compromised. The issue is present in the authentication resolver logic and affects both the GraphQL endpoint and the logout mechanism."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T17:42:16.393Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/0xBS0D27/CVE-2025-56643"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-56643",
"datePublished": "2025-11-18T00:00:00.000Z",
"dateReserved": "2025-08-17T00:00:00.000Z",
"dateUpdated": "2025-11-19T16:50:05.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1681 (GCVE-0-2022-1681)
Vulnerability from cvelistv5 – Published: 2022-05-12 07:45 – Updated: 2024-08-03 00:10
VLAI?
Title
Authentication Bypass Using an Alternate Path or Channel in requarks/wiki
Summary
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions
Severity ?
7.2 (High)
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| requarks | requarks/wiki |
Affected:
unspecified , < 2.5.281
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:10:03.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "requarks/wiki",
"vendor": "requarks",
"versions": [
{
"lessThan": "2.5.281",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-12T07:45:14",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
],
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1681",
"STATE": "PUBLIC",
"TITLE": "Authentication Bypass Using an Alternate Path or Channel in requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "requarks/wiki",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.5.281"
}
]
}
}
]
},
"vendor_name": "requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/591b11e1-7504-4a96-99c6-08f2b419e767"
},
{
"name": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c",
"refsource": "MISC",
"url": "https://github.com/requarks/wiki/commit/78d02dc8e5d103d248e5d7632bf7a6facdf4264c"
}
]
},
"source": {
"advisory": "591b11e1-7504-4a96-99c6-08f2b419e767",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1681",
"datePublished": "2022-05-12T07:45:14",
"dateReserved": "2022-05-12T00:00:00",
"dateUpdated": "2024-08-03T00:10:03.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-23654 (GCVE-0-2022-23654)
Vulnerability from cvelistv5 – Published: 2022-02-22 20:05 – Updated: 2025-04-23 19:02
VLAI?
Title
Improper write access check in Requarks/wiki
Summary
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation.
Severity ?
8.1 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:51:44.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-23654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T15:55:50.514144Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:02:06.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.276"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287: Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-22T20:05:10.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
}
],
"source": {
"advisory": "GHSA-3cv9-795v-6j7j",
"discovery": "UNKNOWN"
},
"title": "Improper write access check in Requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23654",
"STATE": "PUBLIC",
"TITLE": "Improper write access check in Requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.276"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3cv9-795v-6j7j"
},
{
"name": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b"
}
]
},
"source": {
"advisory": "GHSA-3cv9-795v-6j7j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-23654",
"datePublished": "2022-02-22T20:05:11.000Z",
"dateReserved": "2022-01-19T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:02:06.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25993 (GCVE-0-2021-25993)
Vulnerability from cvelistv5 – Published: 2021-12-29 16:50 – Updated: 2025-04-30 15:43
VLAI?
Title
Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor
Summary
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Cross-site Scripting (XSS)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
Credits
WhiteSource Vulnerability Research Team (WVR)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:19.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25993",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-30T15:27:28.139032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T15:43:38.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0-beta.147",
"versionType": "custom"
},
{
"lessThanOrEqual": "2.5.255",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"datePublic": "2021-12-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker\u2019s server and will lead to account takeover when accessed by the victim."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-29T16:50:09.000Z",
"orgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"shortName": "Mend"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
],
"solutions": [
{
"lang": "en",
"value": "Update version to 2.5.260 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
},
"title": "Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerabilitylab@whitesourcesoftware.com",
"DATE_PUBLIC": "2021-12-29T08:22:00.000Z",
"ID": "CVE-2021-25993",
"STATE": "PUBLIC",
"TITLE": "Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "2.0.0-beta.147"
},
{
"version_affected": "\u003c=",
"version_value": "2.5.255"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "WhiteSource Vulnerability Research Team (WVR)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker\u2019s server and will lead to account takeover when accessed by the victim."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"name": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993",
"refsource": "MISC",
"url": "https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993"
}
]
},
"solution": [
{
"lang": "en",
"value": "Update version to 2.5.260 or later"
}
],
"source": {
"advisory": "https://www.whitesourcesoftware.com/vulnerability-database/",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "478c68dd-22c1-4a41-97cd-654224dfacff",
"assignerShortName": "Mend",
"cveId": "CVE-2021-25993",
"datePublished": "2021-12-29T16:50:09.782Z",
"dateReserved": "2021-01-22T00:00:00.000Z",
"dateUpdated": "2025-04-30T15:43:38.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43855 (GCVE-0-2021-43855)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:05 – Updated: 2024-08-04 04:10
VLAI?
Title
Stored XSS via SVG in Requarks/wiki
Summary
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users.
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.264"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:05:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
}
],
"source": {
"advisory": "GHSA-4893-pj5w-3hq9",
"discovery": "UNKNOWN"
},
"title": "Stored XSS via SVG in Requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43855",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via SVG in Requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.264"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.264",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
},
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-4893-pj5w-3hq9"
},
{
"name": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/57b56d3a5b9c00358814e76f3ee5b4bb353ad62f"
}
]
},
"source": {
"advisory": "GHSA-4893-pj5w-3hq9",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43855",
"datePublished": "2021-12-27T18:05:16",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43856 (GCVE-0-2021-43856)
Vulnerability from cvelistv5 – Published: 2021-12-27 18:05 – Updated: 2024-08-04 04:10
VLAI?
Title
Stored XSS in non-image uploads in Requarks/wiki
Summary
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.264"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:05:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
}
],
"source": {
"advisory": "GHSA-rhpf-929m-7fm2",
"discovery": "UNKNOWN"
},
"title": "Stored XSS in non-image uploads in Requarks/wiki",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43856",
"STATE": "PUBLIC",
"TITLE": "Stored XSS in non-image uploads in Requarks/wiki"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.264"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-rhpf-929m-7fm2"
},
{
"name": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/79bdd4409316adf649806de3e22352297f85cee0"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.264",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.264"
}
]
},
"source": {
"advisory": "GHSA-rhpf-929m-7fm2",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43856",
"datePublished": "2021-12-27T18:05:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.851Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43842 (GCVE-0-2021-43842)
Vulnerability from cvelistv5 – Published: 2021-12-20 22:30 – Updated: 2024-08-04 04:10
VLAI?
Title
Stored XSS via SVG file upload in Wiki.js
Summary
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:10:16.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.258 (development)"
},
{
"status": "affected",
"version": "\u003c 2.5.260 (production)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-20T22:30:11",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
}
],
"source": {
"advisory": "GHSA-3qv4-gp35-rgh7",
"discovery": "UNKNOWN"
},
"title": "Stored XSS via SVG file upload in Wiki.js",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43842",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via SVG file upload in Wiki.js"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.258 (development)"
},
{
"version_value": "\u003c 2.5.260 (production)"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `\u003cimg\u003e` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7"
},
{
"name": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.260",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.260"
}
]
},
"source": {
"advisory": "GHSA-3qv4-gp35-rgh7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43842",
"datePublished": "2021-12-20T22:30:11",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:10:16.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43800 (GCVE-0-2021-43800)
Vulnerability from cvelistv5 – Published: 2021-12-06 18:50 – Updated: 2024-08-04 04:03
VLAI?
Title
Asset directory traversal with some storage modules on Windows
Summary
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git).
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.254"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-06T18:50:10",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
}
],
"source": {
"advisory": "GHSA-r363-73gj-6j25",
"discovery": "UNKNOWN"
},
"title": "Asset directory traversal with some storage modules on Windows",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-43800",
"STATE": "PUBLIC",
"TITLE": "Asset directory traversal with some storage modules on Windows"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.254"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-r363-73gj-6j25"
},
{
"name": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/414033de9dff66a327e3f3243234852f468a9d85"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.254",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.254"
}
]
},
"source": {
"advisory": "GHSA-r363-73gj-6j25",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-43800",
"datePublished": "2021-12-06T18:50:10",
"dateReserved": "2021-11-16T00:00:00",
"dateUpdated": "2024-08-04T04:03:08.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21383 (GCVE-0-2021-21383)
Vulnerability from cvelistv5 – Published: 2021-03-18 17:10 – Updated: 2024-08-03 18:09
VLAI?
Title
XSS in Wiki.js
Summary
Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render.
Severity ?
7.6 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:09:15.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.191"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `\u003cpre\u003e` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `\u003cpre\u003e` tags during the render."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-18T17:10:16",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
}
],
"source": {
"advisory": "GHSA-6xx4-m8gx-826r",
"discovery": "UNKNOWN"
},
"title": "XSS in Wiki.js",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-21383",
"STATE": "PUBLIC",
"TITLE": "XSS in Wiki.js"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.191"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `\u003cpre\u003e` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `\u003cpre\u003e` tags during the render."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-6xx4-m8gx-826r"
},
{
"name": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/5ffa189383dd716f12b56b8cae2ba0d075996cf1"
},
{
"name": "https://github.com/Requarks/wiki/releases/tag/2.5.191",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/releases/tag/2.5.191"
}
]
},
"source": {
"advisory": "GHSA-6xx4-m8gx-826r",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-21383",
"datePublished": "2021-03-18T17:10:16",
"dateReserved": "2020-12-22T00:00:00",
"dateUpdated": "2024-08-03T18:09:15.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-15274 (GCVE-0-2020-15274)
Vulnerability from cvelistv5 – Published: 2020-10-26 18:35 – Updated: 2024-08-04 13:15
VLAI?
Title
Stored XSS via search result in Wiki.js
Summary
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results.
Severity ?
5.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:15:19.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.requarks.io/releases"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wiki.js",
"vendor": "Requarks",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.162"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-26T18:35:19",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.requarks.io/releases"
}
],
"source": {
"advisory": "GHSA-pgjv-84m7-62q7",
"discovery": "UNKNOWN"
},
"title": "Stored XSS via search result in Wiki.js",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-15274",
"STATE": "PUBLIC",
"TITLE": "Stored XSS via search result in Wiki.js"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wiki.js",
"version": {
"version_data": [
{
"version_value": "\u003c 2.5.162"
}
]
}
}
]
},
"vendor_name": "Requarks"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460dde6553d964efddf433de fixes this vulnerability (version 2.5.162) by properly escaping the text content displayed in the search results."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7",
"refsource": "CONFIRM",
"url": "https://github.com/Requarks/wiki/security/advisories/GHSA-pgjv-84m7-62q7"
},
{
"name": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de",
"refsource": "MISC",
"url": "https://github.com/Requarks/wiki/commit/a57d9af34c15adbf460dde6553d964efddf433de"
},
{
"name": "https://docs.requarks.io/releases",
"refsource": "MISC",
"url": "https://docs.requarks.io/releases"
}
]
},
"source": {
"advisory": "GHSA-pgjv-84m7-62q7",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-15274",
"datePublished": "2020-10-26T18:35:19",
"dateReserved": "2020-06-25T00:00:00",
"dateUpdated": "2024-08-04T13:15:19.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}