Wiki.js · Wiki.js · CVE-2020-15274
**Name of the Vulnerable Software and Affected Versions**
Wiki.js versions prior to 2.5.162
**Description**
The issue allows an XSS payload to be injected in a page title and executed via the search results. Although the title is properly escaped in navigation links and the actual page title, it is not escaped in the search results.
**Recommendations**
For versions prior to 2.5.162, update to version 2.5.162 or later, which properly escapes the text content displayed in the search results. As a temporary workaround, consider restricting access to the search functionality until the update is applied.