PT-2020-17853 · Wiki.Js · Wiki.Js

Denandz · Published 2020-06-16 · Updated 2020-06-22 · CVE-2020-4052

CVSS v3.1: 6.3 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Wiki.js versions prior to 2.4.107

Description

The issue is caused by an insecure validation mechanism that fails to properly insert v-pre tags into rendered HTML elements containing curly braces, leading to a stored cross-site scripting vulnerability through template injection. This allows a malicious user to create a crafted wiki page, staging a stored cross-site scripting attack that executes malicious JavaScript when the page is viewed by other users.

Recommendations

For versions prior to 2.4.107, update to version 2.4.107 to resolve the issue.
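
The description above turns on one invariant: rendered text containing curly braces must sit inside a v-pre subtree. The following check for that invariant is an added example, not Wiki.js code; the function name, the simplified tokenizer and the sample markup are constructed here, and it assumes well-formed renderer output.

```javascript
// Added example (not Wiki.js code): report text nodes that contain "{{" and
// have no ancestor carrying v-pre. Simplified tokenizer for well-formed HTML;
// a production check should walk the tree produced by a real HTML parser.
const VOID = new Set(['area', 'base', 'br', 'col', 'embed', 'hr', 'img',
  'input', 'link', 'meta', 'source', 'track', 'wbr']);
const TOKEN = /<!--[\s\S]*?-->|<(\/?)([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>|([^<]+)/g;

function findUnguardedInterpolations(html) {
  const stack = [];     // open elements: { tag, guarded }
  const findings = [];
  for (const m of html.matchAll(TOKEN)) {
    const [, closing, rawTag, attrs, text] = m;
    const top = stack[stack.length - 1];
    const inherited = Boolean(top && top.guarded);
    if (text !== undefined) {
      if (text.includes('{{') && !inherited) {
        findings.push({ parent: top ? top.tag : '(root)', text: text.trim() });
      }
      continue;
    }
    if (rawTag === undefined) continue;            // HTML comment
    const tag = rawTag.toLowerCase();
    if (closing) {
      // Pop back to the matching open element, if there is one.
      const i = stack.map((e) => e.tag).lastIndexOf(tag);
      if (i !== -1) stack.length = i;
      continue;
    }
    // Blank out quoted values so "v-pre" inside a value is not mistaken
    // for the attribute itself (e.g. class="v-pre").
    const names = attrs.replace(/"[^"]*"|'[^']*'/g, '""');
    const hasVPre = /(^|\s)v-pre(?=[\s=\/]|$)/i.test(names);
    const selfClosing = /\/\s*$/.test(attrs);
    if (!VOID.has(tag) && !selfClosing) {
      stack.push({ tag, guarded: inherited || hasVPre });
    }
  }
  return findings;
}

// Constructed sample: two guarded elements, two unguarded ones.
const SAMPLE = '<div><p v-pre>{{ a }}</p><p>{{ b }}</p>' +
  '<pre v-pre><code>{{ c }}</code></pre>' +
  '<span class="v-pre">{{ d }}</span></div>';

console.log(findUnguardedInterpolations(SAMPLE));
```

Any finding on stored page output means curly-brace text is reaching the client-side template compiler without the guard the fixed version is meant to apply.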

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-4052
GHSA-9JGG-4XJ2-VJJJ

Affected Products

Wiki.Js