Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2021-25993
HistoryDec 29, 2021 - 5:15 p.m.

CVE-2021-25993

2021-12-2917:15:07
Google
osv.dev
7
requarks wiki.js
stored xss
svg file
account takeover

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.

Related

nvd 1
cvelist 1
prion 1
cve 1
cnvd 1
nvd
nvd
CVE-2021-25993
2021-12-29 17:15:07
cvelist
cvelist
CVE-2021-25993 Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor
2021-12-29 16:50:09
prion
prion
Cross site scripting
2021-12-29 17:15:00
cve
cve
CVE-2021-25993
2021-12-29 17:15:07
cnvd
cnvd
Wiki.js Cross-Site Scripting Vulnerability (CNVD-2022-09774)
2021-12-30 00:00:00

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON
Related for OSV:CVE-2021-25993
nvd1cvelist1prion1cve1cnvd1