CVE-2021-25993 Information
Jun 07, 2022
cve
Description
Requarks wiki.js versions 2.0.0-beta.147 to 2.5.255 are affected by a stored XSS vulnerability in which a low-privileged (editor) user can upload an SVG file containing malicious JavaScript while uploading assets in a page. When a victim accesses the file, the script sends the victim's JWT tokens to the attacker's server, leading to account takeover.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Reference
https://github.com/Requarks/wiki/commit/5d3e81496fba1f0fbd64eeb855f30f69a9040718
https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25993
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Base Severity
MEDIUM