Learn about CVE-2021-25993 affecting Requarks wiki.js versions 2.0.0-beta.147 to 2.5.255. Understand the impact, technical details, and mitigation steps to secure your system.
In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by a Stored XSS vulnerability that enables low-privileged users to execute malicious JavaScript by uploading an SVG file, potentially leading to account takeover.
Understanding CVE-2021-25993
This CVE affects Requarks wiki.js versions 2.0.0-beta.147 to 2.5.255 due to a stored XSS vulnerability, allowing attackers to perform malicious actions through uploaded assets.
What is CVE-2021-25993?
It is a Stored Cross-Site Scripting (XSS) vulnerability in Requarks wiki.js versions 2.0.0-beta.147 to 2.5.255 that permits users to upload malicious JavaScript code via SVG files, leading to potential account takeovers.
The Impact of CVE-2021-25993
The vulnerability poses a medium threat, with a CVSS base score of 5.4. Attackers could exploit this flaw to obtain JWT tokens and compromise victim accounts.
Technical Details of CVE-2021-25993
This section provides detailed technical information about the vulnerability.
Vulnerability Description
In versions 2.0.0-beta.147 to 2.5.255 of Requarks wiki.js, a low-privileged editor user can upload an SVG file containing malicious JavaScript code, allowing the extraction of JWT tokens and potential account takeovers.
Affected Systems and Versions
Requarks wiki.js versions 2.0.0-beta.147 to 2.5.255 are affected by this vulnerability.
Exploitation Mechanism
Attackers can exploit this vulnerability by uploading a crafted SVG file containing malicious JavaScript through the wiki's asset management (upload) feature.
Mitigation and Prevention
Protect your system from CVE-2021-25993 using the following strategies.
Immediate Steps to Take
Update Requarks wiki.js to version 2.5.260 or later to mitigate the risk of this vulnerability.
Long-Term Security Practices
Implement strict asset upload policies and user permissions to prevent unauthorized uploads.
Patching and Updates
Regularly update your wiki.js software to the latest version to address security vulnerabilities promptly.