SB2021031315 - Cross-site scripting in Wiki.js
Published: March 13, 2021 Updated: April 28, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Cross-site scripting (CVE-ID: CVE-2021-21383)
The vulnerability allows a remote user to execute arbitrary JavaScript in the browser of another user.
The vulnerability exists due to cross-site scripting in code blocks when rendering wiki page content containing mustache expressions. A remote user can create a crafted wiki page to execute arbitrary JavaScript in the browser of another user.
User interaction is required because the crafted page must be viewed by another user.
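One way to keep mustache expressions in code blocks from being evaluated, shown as an added example that is not part of the bulletin or of Wiki.js: it assumes code blocks are rendered as `<pre>` elements and that the client-side template engine skips elements carrying a `v-pre` attribute, as Vue does. The function names and the sample HTML are constructed for illustration.

```javascript
// Added example, not Wiki.js code. Assumptions: code blocks are rendered as
// <pre> elements, and the client-side template engine skips any element that
// carries a `v-pre` attribute (Vue's documented behaviour).

const PRE_OPEN = /<pre(?=[\s>\/])((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
const MUSTACHE = /\{\{[\s\S]*?\}\}/;

// Return the lower-cased attribute names of an opening tag's attribute string.
// Quoted values are consumed whole, so class="a v-pre b" does not count.
function attrNames(attrs) {
  return [...attrs.matchAll(ATTR)].map((m) => m[1].toLowerCase());
}

// Mark every <pre> as "do not compile" before the HTML reaches the client.
function protectCodeBlocks(html) {
  return html.replace(PRE_OPEN, (tag, attrs) =>
    attrNames(attrs).includes('v-pre') ? tag : `<pre v-pre${attrs}>`);
}

// Audit helper: list code blocks that contain a mustache expression and
// would still be compiled by the client.
function findExposedCodeBlocks(html) {
  const findings = [];
  const block = new RegExp(PRE_OPEN.source + '([\\s\\S]*?)</pre\\s*>', 'gi');
  for (const m of html.matchAll(block)) {
    const expr = m[2].match(MUSTACHE);
    if (expr && !attrNames(m[1]).includes('v-pre')) {
      findings.push({ offset: m.index, expression: expr[0] });
    }
  }
  return findings;
}

// Constructed sample: harmless arithmetic stands in for page content.
const sample = [
  '<p>Example:</p>',
  '<pre class="prismjs v-pre"><code>{{ 1 + 1 }}</code></pre>',
  '<pre v-pre><code>{{ 2 + 2 }}</code></pre>',
].join('\n');

console.log(findExposedCodeBlocks(sample));
console.log(protectCodeBlocks(sample));
```

The first `<pre>` in the sample only has `v-pre` as a class name, so the audit reports it as exposed until `protectCodeBlocks` adds the real attribute.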
Remediation
Install the update from the vendor's website.