CVE-2021-25993
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Requarks | wiki | 2.0.0-beta.147 < unspecified | affected |
| Requarks | wiki | unspecified <= 2.5.255 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
References
- https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.