
requarks wiki.js

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-44224
< 2.5.313
Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary grou
8.8 HIGH
CVE-2025-56643
all versions
Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously is
9.1 CRITICAL
CVE-2022-1681
< 2.5.281
Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root us
7.2 HIGH
CVE-2022-23654
< 2.5.276
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths
8.1 HIGH
CVE-2021-25993
>= 2.0.1 and <= 2.5.255
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor)
5.4 MEDIUM
CVE-2021-43856
< 2.5.264
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image
8.2 HIGH
CVE-2021-43855
< 2.5.264
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG fil
8.2 HIGH
CVE-2021-43842
<= 2.5.257
Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through
5.4 MEDIUM
CVE-2021-43800
< 2.5.245
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when
7.5 HIGH
CVE-2021-21383
< 2.5.191
Wiki.js is an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting thro
7.6 HIGH
CVE-2020-15274
< 2.5.162
In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the t
5.8 MEDIUM
CVE-2020-15236
>= 2.5.80 and < 2.5.151
In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local ass
8.6 HIGH
CVE-2020-4052
< 2.4.107
In Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an
6.3 MEDIUM
CVE-2020-11051
< 2.3.81
In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor. An editor with write access to a page, using the Markdown
6.9 MEDIUM
threatengine.sh