Browse all 13 CVE security advisories affecting Requarks. AI-powered Chinese analysis, PoCs, and references for each vulnerability.
Requarks is a collaborative platform enabling wiki and documentation creation with its Wiki.js software. Historically, the project has faced multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. Security researchers have identified authentication bypass issues and insufficient input validation across its components. While no major public security incidents have been widely documented, the 13 CVEs on record highlight recurring concerns around access controls and sanitization. The platform's extensive plugin architecture and customization options introduce additional attack surfaces that require careful configuration and regular updates to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-45298 | Disabled user can bypass lockout by requesting password reset in wiki.js — wiki (CWE-670) | 4.3 | Medium | 2024-09-18 |
| CVE-2024-34710 | Wiki.js Stored XSS through Client Side Template Injection — wiki (CWE-1336) | 7.1 | High | 2024-05-20 |
| CVE-2022-23654 | Improper write access check in Requarks/wiki — wiki (CWE-287) | 8.1 | High | 2022-02-22 |
| CVE-2021-25993 | Requarks wiki.js - Stored Cross-Site Scripting (XSS) in markdown editor — wiki (CWE-79) | 5.4 | Medium | 2021-12-29 |
| CVE-2021-43855 | Stored XSS via SVG in Requarks/wiki — wiki (CWE-79) | 8.2 | High | 2021-12-27 |
| CVE-2021-43856 | Stored XSS in non-image uploads in Requarks/wiki — wiki (CWE-79) | 8.2 | High | 2021-12-27 |
| CVE-2021-43842 | Stored XSS via SVG file upload in Wiki.js — wiki (CWE-79) | 5.4 | Medium | 2021-12-20 |
| CVE-2021-43800 | Asset directory traversal with some storage modules on Windows — wiki (CWE-22) | 7.5 | High | 2021-12-06 |
| CVE-2021-21383 | XSS in Wiki.js — wiki (CWE-79) | 7.6 | High | 2021-03-18 |
| CVE-2020-15236 | Directory Traversal in Wiki.js — wiki (CWE-22) | 8.6 | High | 2020-10-05 |
This page lists every published CVE security advisory associated with Requarks. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.