CVE-2024-34710 - Vulnerability Details - OpenCVE

Description

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.

Published: 2024-05-20

Score: 7.1 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

requarks

wiki

affected

Version	Status	Constraints
`<= 2.5.302`	affected	—

No data.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2024-35000	Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00301.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac
https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf

History

No history.

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-20T21:59:16.606Z

Updated: 2024-08-02T02:59:22.635Z

Reserved: 2024-05-07T13:53:00.133Z

Link: CVE-2024-34710

Vulnrichment

Updated: 2024-08-02T02:59:22.635Z

NVD

Status : Awaiting Analysis

Published: 2024-05-20T22:15:08.500

Modified: 2024-11-21T09:19:14.687

Link: CVE-2024-34710

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-1336

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34710", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-07T13:53:00.133Z", "datePublished": "2024-05-20T21:59:16.606Z", "dateUpdated": "2024-08-02T02:59:22.635Z"}, "containers": {"cna": {"title": "Wiki.js Stored XSS through Client Side Template Injection ", "problemTypes": [{"descriptions": [{"cweId": "CWE-1336", "lang": "en", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf"}, {"name": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac", "tags": ["x_refsource_MISC"], "url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac"}], "affected": [{"vendor": "requarks", "product": "wiki", "versions": [{"version": "<= 2.5.302", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-20T21:59:16.606Z"}, "descriptions": [{"lang": "en", "value": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n"}], "source": {"advisory": "GHSA-xjcj-p2qv-q3rf", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "requarks", "product": "wiki.js", "cpes": ["cpe:2.3:a:requarks:wiki.js:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5.302", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-21T14:08:35.033091Z", "id": "CVE-2024-34710", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T19:10:38.387Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.635Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf"}, {"name": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf", "name": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac", "name": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:22.635Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34710", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T14:08:35.033091Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:requarks:wiki.js:-:*:*:*:*:*:*:*"], "vendor": "requarks", "product": "wiki.js", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.5.302"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-21T14:10:51.807Z"}}], "cna": {"title": "Wiki.js Stored XSS through Client Side Template Injection ", "source": {"advisory": "GHSA-xjcj-p2qv-q3rf", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "requarks", "product": "wiki", "versions": [{"status": "affected", "version": "<= 2.5.302"}]}], "references": [{"url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf", "name": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac", "name": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1336", "description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-20T21:59:16.606Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34710", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:59:22.635Z", "dateReserved": "2024-05-07T13:53:00.133Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-20T21:59:16.606Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n"}, {"lang": "es", "value": "Wiki.js es una aplicaci\u00f3n wiki construida en Node.js. Se descubri\u00f3 la inyecci\u00f3n de plantilla del lado del cliente, que podr\u00eda permitir a un atacante inyectar JavaScript malicioso en la secci\u00f3n de contenido de las p\u00e1ginas que se ejecutar\u00eda una vez que la v\u00edctima carga la p\u00e1gina que contiene el payload. Esto fue posible mediante la inyecci\u00f3n de una etiqueta HTML no v\u00e1lida con un payload de inyecci\u00f3n de plantilla en la siguiente l\u00ednea. Esta vulnerabilidad se solucion\u00f3 en 2.5.303."}], "id": "CVE-2024-34710", "lastModified": "2024-11-21T09:19:14.687", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-05-20T22:15:08.500", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac"}, {"source": "security-advisories@github.com", "url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1336"}], "source": "security-advisories@github.com", "type": "Secondary"}]}