Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 05/05/2020 Updated: 08/05/2020

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

In Wiki.js prior to 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81.

Vulnerable Product	Search on Vulmon	Subscribe to Product
requarks wiki.js

CWE-79 https://github.com/Requarks/wiki/security/advisories/GHSA-vj72-c9vq-qxrv https://github.com/Requarks/wiki/commit/05e8a71ceff39167aee830ba8ad5eb0161f2911a https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-11051

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect