What is CVE-2024-34710?

CVE-2024-34710 is a high-severity vulnerability in Requarks Wiki, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 7.1/10. Published 2024-05-20.

How severe is CVE-2024-34710?

High severity. CVSS v3 base score is 7.1 out of 10.

Vulnerability in Requarks Wiki

CVE-2024-34710

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that cont…

EPSS: 0.002 (46.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N.

Affected products

Requarks Wiki — versions <= 2.5.302

Weakness classification (CWE)

CWE-1336 — Improper Neutralization of Special Elements Used in a Template Engine

References

https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf (x_refsource_CONFIRM)
https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-34710?: CVE-2024-34710 is a high-severity vulnerability in Requarks Wiki, classified under Improper Neutralization of Special Elements Used in a Template Engine. CVSS score: 7.1/10. Published 2024-05-20.
How severe is CVE-2024-34710?: High severity. CVSS v3 base score is 7.1 out of 10.