Bounties
Partners
Community
Info
requarks / wiki
Project repository
Wiki.js | A modern and powerful wiki app built on Node.js
Submit a report
FIRST INTERACTION
WITHIN
2 DAYS
REVIEW
WITHIN
3 DAYS
FIX
WITHIN
5 DAYS
Wiki.js Client-Side Template Injection (CSTI) via Template HTML Tag Vulnerabilit...
May 2nd 2023
jacobsoo
•
pending
Wiki.js Client-Side Template Injection (CSTI) via Incorrect Sanitisation Order V...
May 2nd 2023
jacobsoo
•
pending
Wiki.js Client-Side Template Injection (CSTI) in Page Source View Vulnerability
May 2nd 2023
jacobsoo
•
pending
Wiki.js Command Injection in Git Storage Configuration Vulnerability
May 2nd 2023
jacobsoo
•
pending
Stored Cross Site Scripting (XSS) - Scripts Input
Dec 1st 2022
dievus
•
self closed
Change of Administrator Password
Nov 24th 2022
biedersteineradmin
•
pending
XSS stored when set locale
Oct 7th 2022
ch1nhpd
•
not applicable
Leak Database Structure and graphQL queries
Oct 7th 2022
ch1nhpd
•
not applicable
Stored XSS
Sep 22nd 2022
0xcybery
•
not applicable
Insufficient Session Expiration
Sep 19th 2022
0xcybery
•
informative
Medium
User Enumeration via Response Timing
Sep 18th 2022
vautia
•
Medium
Medium
Authentication Bypass Using an Alternate Path or Channel
May 10th 2022
n1k1x86
•
High
•
$60
High
•
$60
•
CVE-2022-1681
CVE-2022-1681
Cross-Site Request Forgery (CSRF)
Jan 30th 2022
haxatron
•
Medium
•
$85
Medium
•
$85
Cross-Site Request Forgery (CSRF)
Jan 23rd 2022
haxatron
•
Medium
•
$102
Medium
•
$102
Cross-site Scripting (XSS) - Stored
Dec 25th 2021
haxatron
•
Medium
•
$126
Medium
•
$126
Cross-site Scripting (XSS) - Reflected
Dec 25th 2021
haxatron
•
Medium
•
$105
Medium
•
$105
CRITICAL
$0
HIGH
$0
MEDIUM
$0
LOW
$0
