CVE-2020-11051 MEDIUM

CVE-2020-11051: XSS in Wiki.js

Vendor Requarks

Product Wiki.js

Weakness CWE-79 · XSS

Published May 5, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

What the vulnerability does

01Description

In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown editor, could inject an XSS payload into the content. If another editor (with write access as well) load the same page into the Markdown editor, the XSS payload will be executed as part of the preview panel. The rendered result does not contain the XSS payload as it is stripped by the HTML Sanitization security module. This vulnerability only impacts editors loading the malicious page in the Markdown editor. This has been patched in 2.3.81.

Key dates

02Disclosure timeline

May 5, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-11051

Related vulnerabilities

CVE-2020-11051: XSS in Wiki.js

01Description

02Disclosure timeline

03References

04Related CVE