3 matches found
CVE-2021-43856
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...
CVE-2021-43856
creationtimestamp| type| source ---|---|--- 2021-12-27 20:23:43+00:00| seen| https://t.me/cibsecurity/34680...
CVE-2021-43856
CVE-2021-43856 concerns Wiki.js (Node.js) up to version 2.5.263, vulnerable to stored cross-site scripting via non-image file uploads that can be viewed inline in the browser. By uploading a file that executes inline JS when opened directly (e.g., an XML file), an attacker could trigger a stored ...