
17 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-12818

Malware in sbrugna...

CVSS 5.4 | AI score 5.5 | EPSS 0.00206
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-24967

Malicious code in bioql PyPI...

CVSS 9 | AI score 7.1 | EPSS 0.00292
Exploits: 1 | References: 2

Veracode
added 2024/07/18 6:15 a.m., 12 views

Template Injection

github.com/requarks/wiki is vulnerable to template injection. The vulnerability is due to improper sanitization of user inputs, allowing attackers to inject malicious JavaScript into the content section of pages. Attackers can exploit this by inserting an invalid HTML tag with a template injectio...

CVSS 7.1 | AI score 7 | EPSS 0.00234
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/06/05 3:10 p.m., 21 views

GO-2024-2875 Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki

Wiki.js Stored XSS through Client Side Template Injection in github.com/requarks/wiki...

CVSS 7.1 | AI score 6.6 | EPSS 0.00234
Exploits: 0 | References: 3

ATTACKERKB
added 2022/05/12 8:15 a.m., 5 views

CVE-2022-1681

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions...

CVSS 9 | AI score 7.1 | EPSS 0.00292
Exploits: 1 | References: 3

CVE
added 2022/05/12 7:45 a.m., 85 views

CVE-2022-1681

CVE-2022-1681 affects Wiki.js (Requarks) prior to version 2.5.281. The vulnerability is an authentication bypass via an alternate path or channel that could allow an attacker to gain root-equivalent permissions on the system. The issue arises in Wiki.js and is documented across multiple sources (...

CVSS 9 | AI score 7.1 | EPSS 0.00292
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/12 7:45 a.m., 13 views

CVE-2022-1681 Authentication Bypass Using an Alternate Path or Channel in requarks/wiki

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions...

CVSS 7.2 | AI score 7.3 | EPSS 0.00292
Exploits: 1 | References: 2

Vulnrichment
added 2022/02/22 8:5 p.m., 4 views

CVE-2022-23654 Improper write access check in Requarks/wiki

Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly checks the path acces...

CVSS 8.1 | AI score 8 | EPSS 0.00236
Exploits: 0 | References: 2

Cvelist
added 2022/02/22 8:5 p.m., 12 views

CVE-2022-23654 Improper write access check in Requarks/wiki

Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly checks the path acces...

CVSS 8.1 | AI score 8.2 | EPSS 0.00236
Exploits: 0 | References: 2

Huntr
added 2022/01/24 4:2 p.m., 15 views

Cross-Site Request Forgery (CSRF) in requarks/wiki

Note: Not a vulnerability in ExpressJS. Description: Fix can be bypassed. Express treats routes as case insensitive while req.path is case sensitive. The fix in the previous report was to check if req.path === "/u"...

AI score 0.2
Exploits: 0

OSV
added 2021/12/29 5:15 p.m., 12 views

CVE-2021-25993

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability, where a low privileged editor user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to...

CVSS 5.4 | AI score 5.7 | EPSS 0.00206
Exploits: 1 | References: 2

NVD
added 2021/12/29 5:15 p.m., 8 views

CVE-2021-25993

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability, where a low privileged editor user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to...

CVSS 5.4 | EPSS 0.00206
Exploits: 1 | References: 2

Prion
added 2021/12/29 5:15 p.m., 16 views

Cross site scripting

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability, where a low privileged editor user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to...

CVSS 3.5 | AI score 5.2 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/12/29 4:50 p.m., 10 views

CVE-2021-25993 Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability, where a low privileged editor user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to...

CVSS 5.4 | AI score 5.3 | EPSS 0.00206
Exploits: 1 | References: 2

Vulnrichment
added 2021/12/29 4:50 p.m., 2 views

CVE-2021-25993 Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability, where a low privileged editor user can upload an SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to...

CVSS 5.4 | AI score 5.8 | EPSS 0.00206
Exploits: 1 | References: 2

CVE
added 2021/12/29 4:50 p.m., 60 views

CVE-2021-25993

The CVE-2021-25993 entry documents a Stored XSS vulnerability in Requarks wiki.js (versions 2.0.0-beta.147 to 2.5.255). A low-privileged editor can upload an SVG containing malicious JavaScript during asset uploads, causing JWTs to be sent to the attacker server and potentially leading to account...

CVSS 5.4 | AI score 5.2 | EPSS 0.00206
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2021/12/27 6:5 p.m., 12 views

CVE-2021-43855 Stored XSS via SVG in Requarks/wiki

Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through an SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This...

CVSS 8.2 | AI score 7.9 | EPSS 0.00361
Exploits: 1 | References: 3