Requarks Wiki
11 CVEs affecting Requarks Wiki. Latest disclosed: 2026-05-12. Critical: 0, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-44224 | High | 8.8 | 2026-05-12 | Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it direc… |
CVE-2020-15236 | High | 8.6 | 2020-10-05 | In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled… |
CVE-2021-43855 | High | 8.2 | 2021-12-27 | Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom re… |
CVE-2021-43856 | High | 8.2 | 2021-12-27 | Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types… |
CVE-2022-23654 | High | 8.1 | 2022-02-22 | Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the… |
CVE-2021-21383 | High | 7.6 | 2021-03-18 | Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in c… |
CVE-2021-43800 | High | 7.5 | 2021-12-06 | Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local a… |
CVE-2024-34710 | High | 7.1 | 2024-05-20 | Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the co… |
CVE-2021-25993 | Medium | 5.4 | 2021-12-29 | In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file th… |
CVE-2021-43842 | Medium | 5.4 | 2021-12-20 | Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creati… |
CVE-2024-45298 | Medium | 4.3 | 2024-09-18 | Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up S… |