Vulnerabilities > CVE-2020-4052 - Unspecified vulnerability in Requarks Wiki.Js

CVSS 6.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

requarks

NVD

Published: 2020-06-16

Updated: 2024-11-21

Summary

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107.

Vulnerable Configurations

Part	Description	Count
Application	Requarks Requarks Wiki.Js - Requarks Wiki.Js 1.0 Requarks Wiki.Js 1.0.0 Requarks Wiki.Js 1.0.1 Requarks Wiki.Js 1.0.3 Requarks Wiki.Js 1.0.4 Requarks Wiki.Js 1.0.5 Requarks Wiki.Js 1.0.6 Requarks Wiki.Js 1.0.7 Requarks Wiki.Js 1.0.8 Requarks Wiki.Js 1.0.9 Requarks Wiki.Js 1.0.10 Requarks Wiki.Js 1.0.11 Requarks Wiki.Js 1.0.12 Requarks Wiki.Js 1.0.66 Requarks Wiki.Js 1.0.68 Requarks Wiki.Js 1.0.76 Requarks Wiki.Js 1.0.78 Requarks Wiki.Js 1.0.102 Requarks Wiki.Js 2.0.0 Requarks Wiki.Js 2.0.1 Requarks Wiki.Js 2.0.12 Requarks Wiki.Js 2.1.113 Requarks Wiki.Js 2.2.50 Requarks Wiki.Js 2.2.51 Requarks Wiki.Js 2.3.71 Requarks Wiki.Js 2.3.72 Requarks Wiki.Js 2.3.77 Requarks Wiki.Js 2.3.81 Requarks Wiki.Js 2.4.75 Requarks Wiki.Js 2.4.105	68

Summary

Vulnerable Configurations

References