CVE-2021-21383

Name of the Vulnerable Software and Affected Versions Wiki.js versions prior to 2.5.191

Description The issue exists due to mustache expressions being parsed by Vue during content injection, even when contained within a <pre> element. This allows a malicious user to stage a stored cross-site scripting attack by creating a crafted wiki page. The attacker can execute malicious JavaScript when the page is viewed by other users.

Recommendations For versions prior to 2.5.191, update to version 2.5.191 or later, which includes the fix by adding the v-pre directive to all <pre> tags during the render. As a temporary workaround, consider restricting access to the <pre> element or disabling the mustache expressions in code blocks until the update is applied.