In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-06-16T21:55:15
Updated: 2024-08-04T07:52:20.875Z
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4052
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-16T22:15:10.503
Modified: 2024-11-21T05:32:13.803
Link: CVE-2020-4052
Redhat
No data.