PT-2024-26125 · Wiki.Js · Wiki.Js

Et43 · Published 2024-05-20 · Updated 2024-06-05 · CVE-2024-34710

CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Wiki.js versions prior to 2.5.303

Description

A client-side template injection issue was discovered in Wiki.js, a wiki app built on Node.js. This issue could allow an attacker to inject malicious JavaScript into the content section of pages, which would execute when a victim loads the page containing the payload. The injection is possible through the use of an invalid HTML tag with a template injection payload on the next line.

Recommendations

For versions prior to 2.5.303, update to version 2.5.303 to resolve the issue. As a temporary workaround, consider restricting the ability to inject custom HTML tags into the content section of pages until the update can be applied.


Weakness Enumeration

Related Identifiers

CVE-2024-34710
GHSA-XJCJ-P2QV-Q3RF
GO-2024-2875

Affected Products

Wiki.Js