{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1238d614e1599fefadd4614ee4b5797a087f50ac" } ], "repo": "https://github.com/requarks/wiki", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "1238d614e1599fefadd4614ee4b5797a087f50ac" } ], "repo": "https://github.com/requarks/wiki", "type": "GIT" } ] } ], "aliases": [ "GHSA-xjcj-p2qv-q3rf" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-1336" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34710.json" }, "details": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n", "id": "CVE-2024-34710", "modified": "2026-04-01T23:10:17.841548914Z", "published": "2024-05-20T21:59:16.606Z", "references": [ { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34710.json" }, { "type": "ADVISORY", "url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34710" }, { "type": "FIX", "url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "type": "CVSS_V3" } ], "summary": "Wiki.js Stored XSS through Client Side Template Injection " }