CVE-2024-34710

HIGH Year: 2024
CVSS v3 Score
7.1
High
Weakness Type
CWE-1336
View all →

Vulnerability Description

Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.

Related Vulnerabilities

CVE-2022-0896

HIGH
CVSS:7.1(High)

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository microweber/microweber prior to 1.3.

CWE-13362022

CVE-2024-39766

HIGH
CVSS:7.0(High)

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of priv...

CWE-13362024

CVE-2021-39128

HIGH
CVSS:7.2(High)

Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-sid...

CWE-13362021

CVE-2023-29297

HIGH
CVSS:7.2(High)

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability tha...

CWE-13362023

CVE-2023-46245

HIGH
CVSS:7.2(High)

Kimai is a web-based multi-user time-tracking application. Versions prior to 2.1.0 are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The ...

CWE-13362023

CVE-2024-42356

HIGH
CVSS:7.2(High)

Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the `context` variable is injected into almost any Twig Template and allows to access to current language, currency infor...

CWE-13362024