Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Wiki.js Stored XSS through Client Side Template Injection
Vulnerability Description
Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
CWE-1336
Vulnerability Title
Wiki.js 安全漏洞
Vulnerability Description
Wiki.js是Requarks.io团队的一套基于Node.js并使用JavaScript语言编写的开源Wiki软件。 Wiki.js 2.5.303之前版本存在安全漏洞,该漏洞源于允许攻击者将恶意 JavaScript 注入到页面的内容部分,一旦受害者加载包含有效负载的页面,该部分就会执行。
CVSS Information
N/A
Vulnerability Type
N/A