CVE-2024-34710
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-34710
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34710.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-34710
- Aliases
-
- GHSA-xjcj-p2qv-q3rf
- GO-2024-2875
- Published
- 2024-05-20T21:59:16.606Z
- Modified
- 2025-11-28T02:34:16.760269Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- Wiki.js Stored XSS through Client Side Template Injection
- Details
-
Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-1336" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34710.json" }- References