CVE-2024-34710

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34710
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34710.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-34710
Aliases
Published
2024-05-20T22:15:08Z
Modified
2024-06-05T16:43:17.340799Z
Summary
[none]
Details

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.

References

Affected packages

Git / github.com/requarks/wiki

Affected ranges

Type
GIT
Repo
https://github.com/requarks/wiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.0-beta.11
2.0.0-beta.115
2.0.0-beta.147
2.0.0-beta.148
2.0.0-beta.174
2.0.0-beta.180
2.0.0-beta.203
2.0.0-beta.208
2.0.0-beta.230
2.0.0-beta.241
2.0.0-beta.267
2.0.0-beta.268
2.0.0-beta.275
2.0.0-beta.303
2.0.0-beta.42
2.0.0-beta.68
2.0.0-beta.84
2.0.0-beta.91
2.0.0-rc.1
2.0.0-rc.17
2.0.1
2.0.12
2.1.113
2.2.50
2.2.51
2.3.71
2.3.72
2.3.77
2.4.105
2.4.107
2.4.75
2.5.105
2.5.117
2.5.121
2.5.126
2.5.132
2.5.136
2.5.144
2.5.159
2.5.170
2.5.191
2.5.197
2.5.201
2.5.214
2.5.219
2.5.254
2.5.255
2.5.260
2.5.264
2.5.268
2.5.272
2.5.274

v1.*

v1.0-alpha.1
v1.0-alpha.2
v1.0-alpha.3
v1.0-alpha.4
v1.0-alpha.5
v1.0-alpha.6
v1.0-alpha.7
v1.0-beta.1
v1.0-beta.2
v1.0-beta.3
v1.0-beta.4
v1.0-beta.5
v1.0.0-beta.10
v1.0.0-beta.11
v1.0.0-beta.12
v1.0.0-beta.13
v1.0.0-beta.6
v1.0.0-beta.7
v1.0.0-beta.8
v1.0.0-beta.9
v1.0.1
v1.0.10
v1.0.11
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9

v2.*

v2.5.275
v2.5.276
v2.5.277
v2.5.278
v2.5.279
v2.5.280
v2.5.281
v2.5.282
v2.5.283
v2.5.284
v2.5.285
v2.5.286
v2.5.287
v2.5.288
v2.5.289
v2.5.290
v2.5.291
v2.5.292
v2.5.293
v2.5.294
v2.5.295
v2.5.296
v2.5.297
v2.5.298
v2.5.299
v2.5.300
v2.5.301
v2.5.302