VYPR
Medium severity5.4NVD Advisory· Published Dec 29, 2021· Updated Jun 17, 2026

CVE-2021-25993

CVE-2021-25993

Description

In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Requarks/Wikillm-fuzzy2 versions
    2.0.0-beta.147 to 2.5.255+ 1 more
    • (no CPE)range: 2.0.0-beta.147 to 2.5.255
    • (no CPE)range: 2.0.0-beta.147

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.