← Zuruck zu CVEs
CVE-2024-34710
HIGH7.1
Beschreibung
Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.
CVE Details
CVSS v3.1 Bewertung7.1
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht5/20/2024
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-1336
Referenzen
https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac(security-advisories@github.com)
https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf(security-advisories@github.com)
https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.