Vulmon
requarks wiki.js vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-25993
In Requarks Wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a stored XSS vulnerability, where a low-privileged (editor) user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’...
Requarks Wiki.js 2.0.0
Requarks Wiki.js
3.5
CVSSv2
CVE-2021-21383
Wiki.js is an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even thoug...
Requarks Wiki.js
4.3
CVSSv2
CVE-2021-43800
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by cr...
Requarks Wiki.js
3.5
CVSSv2
CVE-2021-43855
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and previous versions are vulnerable to stored cross-site scripting through an SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-...
Requarks Wiki.js
5
CVSSv2
CVE-2020-15236
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory tr...
Requarks Wiki.js
3.5
CVSSv2
CVE-2020-15274
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit a57d9af34c15adbf460d...
Requarks Wiki.js
3.5
CVSSv2
CVE-2020-11051
In Wiki.js prior to 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) loads the same page into the Markdown editor, the...
Requarks Wiki.js
9
CVSSv2
CVE-2022-1681
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki before 2.5.281. A user can get root user permissions.
Requarks Wiki.js
3.5
CVSSv2
CVE-2021-43842
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and previous versions are vulnerable to stored cross-site scripting through an SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the...
Requarks Wiki.js
3.5
CVSSv2
CVE-2021-43856
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and previous versions are vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS whe...
Requarks Wiki.js