Skip to main content

Wiki Js

13 CVEs product

Monthly

CVE-2025-56643 CRITICAL This Week

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiki Js
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2022-1681 HIGH POC PATCH This Week

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Wiki Js
NVD GitHub
CVSS 3.1
7.2
EPSS
1.9%
CVE-2022-23654 MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Node.js Wiki Js
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-25993 MEDIUM POC PATCH This Month

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-43856 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-43855 MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-43842 MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js Docker XSS File Upload Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-43800 HIGH PATCH This Week

Wiki.js is a wiki app built on Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal Wiki Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-21383 MEDIUM POC PATCH This Month

Wiki.js an open-source wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2020-15274 MEDIUM PATCH This Month

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2020-15236 HIGH PATCH This Week

In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Wiki Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2020-4052 MEDIUM PATCH This Month

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-11051 MEDIUM PATCH This Month

In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
EPSS 0% CVSS 9.1
CRITICAL This Week

Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wiki Js
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Wiki Js
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Node.js Wiki Js
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Wiki Js
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Wiki.js is a wiki app built on node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS File Upload +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Wiki.js is a wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Node.js Docker XSS +2
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Wiki.js is a wiki app built on Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Node.js Microsoft Path Traversal +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Wiki.js an open-source wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS Wiki Js
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Wiki Js
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wiki Js
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy