Client-side template injection vulnerability in Wiki.js
CVE-2024-34710

7.1HIGH

Key Information:

Vendor: Requarks
Status: Wiki
Vendor: CVE Published:; 20 May 2024

What is CVE-2024-34710?

Wiki.js, a collaborative wiki application built on Node.js, has a vulnerability that enables client-side template injection. This flaw allows an attacker to insert malicious JavaScript into pages. By using an invalid HTML tag coupled with a template injection payload, an attacker could execute harmful scripts upon page load. Users of affected versions should apply the fix provided in version 2.5.303 to mitigate risks associated with this vulnerability.

Affected Version(s)

wiki <= 2.5.302

References

https://github.com/requarks/wiki/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/requarks/wiki/commit/1238d614e1599fefa...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2024

CVE-2024-34710 Data

JSON

Requarks

What is CVE-2024-34710?

Affected Version(s)

References

CVSS V3.1

Timeline