📦 Wiki.js

Wiki.js 2.5.307 has a critical authentication flaw where JWT tokens remain valid after logout, allowing session hijacking. Attackers can reuse stolen tokens to impersonate users and access sensitive w...

CVE-2022-1681 is an authentication bypass vulnerability in Wiki.js that allows attackers to gain root user permissions through an alternate path or channel. This affects all users running Wiki.js vers...

Wiki.js versions before 2.5.274 contain an improper authentication vulnerability (CWE-287) where authenticated users with write access to restricted paths can update pages outside their allowed scope....

Wiki.js versions 2.5.263 and earlier are vulnerable to stored cross-site scripting (XSS) through malicious non-image file uploads. An authenticated attacker can upload files like XML that execute Java...

This directory traversal vulnerability in Wiki.js allows attackers to read arbitrary files on Windows systems when specific storage modules are enabled. It affects Wiki.js servers running on Windows w...

Wiki.js versions before 2.5.191 are vulnerable to stored cross-site scripting (XSS) through mustache expressions in code blocks. Malicious users can create crafted wiki pages that execute JavaScript w...