Vulnerabilities > Requarks
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2022-1681 | Improper Authentication vulnerability in Requarks Wiki.Js Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. | 9.0 |
| 2022-02-22 | CVE-2022-23654 | Unspecified vulnerability in Requarks Wiki.Js Wiki.js is a wiki app built on Node.js. | 6.5 |
| 2021-12-29 | CVE-2021-25993 | Cross-site Scripting vulnerability in Requarks Wiki.Js In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. | 3.5 |
| 2021-12-27 | CVE-2021-43855 | Cross-site Scripting vulnerability in Requarks Wiki.Js Wiki.js is a wiki app built on node.js. | 3.5 |
| 2021-12-27 | CVE-2021-43856 | Cross-site Scripting vulnerability in Requarks Wiki.Js Wiki.js is a wiki app built on Node.js. | 3.5 |
| 2021-12-20 | CVE-2021-43842 | Cross-site Scripting vulnerability in Requarks Wiki.Js Wiki.js is a wiki app built on Node.js. | 3.5 |
| 2021-12-06 | CVE-2021-43800 | Path Traversal vulnerability in Requarks Wiki.Js Wiki.js is a wiki app built on Node.js. | 4.3 |
| 2021-03-18 | CVE-2021-21383 | Cross-site Scripting vulnerability in Requarks Wiki.Js Wiki.js an open-source wiki app built on Node.js. | 3.5 |
| 2020-10-26 | CVE-2020-15274 | Cross-site Scripting vulnerability in Requarks Wiki.Js In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. | 3.5 |
| 2020-10-05 | CVE-2020-15236 | Path Traversal vulnerability in Requarks Wiki.Js 2.5.80 In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. | 5.0 |