3 matches found
CVE-2021-43855
creationtimestamp| type| source ---|---|--- 2021-12-27 20:23:41+00:00| seen| https://t.me/cibsecurity/34679...
CVE-2021-43855 Stored XSS via SVG in Requarks/wiki
Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...
CVE-2021-43855
Wiki.js 2.5.263 and earlier are vulnerable to a stored cross-site scripting (XSS) flaw via an SVG file upload using a forged MIME type. A crafted SVG can trigger JavaScript execution when viewed directly by other users; scripts do not run when the SVG is loaded through standard img tags. The issu...