Lucene search

GitHub_MCVELIST:CVE-2021-43842

HistoryDec 20, 2021 - 10:30 p.m.

CVE-2021-43842 Stored XSS via SVG file upload in Wiki.js

2021-12-2022:30:11

CWE-79

GitHub_M

www.cve.org

wiki.js

node.js

stored xss

svg file upload

cross-site scripting

vulnerability

svg sanitization

file upload

docker

patch

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

25.8%

JSON

Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal <img> tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258.

CNA Affected

[
  {
    "product": "wiki",
    "vendor": "Requarks",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.5.258 (development)"
      },
      {
        "status": "affected",
        "version": "< 2.5.260 (production)"
      }
    ]
  }
]

References

github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718

github.com/Requarks/wiki/releases/tag/2.5.260

github.com/Requarks/wiki/security/advisories/GHSA-3qv4-gp35-rgh7