{"id":"CVE-2020-4052","details":"In Wiki.js before 2.4.107, there is a stored cross-site scripting vulnerability through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107.","modified":"2026-04-10T04:26:03.099195Z","published":"2020-06-16T22:15:10.503Z","related":["GHSA-9jgg-4xj2-vjjj"],"references":[{"type":"ADVISORY","url":"https://github.com/Requarks/wiki/security/advisories/GHSA-9jgg-4xj2-vjjj"},{"type":"FIX","url":"https://github.com/Requarks/wiki/commit/9e08718ee904046f8b2294ef6ac79e8a75a451e3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/requarks/wiki","events":[{"introduced":"0"},{"fixed":"9e08718ee904046f8b2294ef6ac79e8a75a451e3"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.107"}]}}],"versions":["2.0.0-beta.11","2.0.0-beta.115","2.0.0-beta.147","2.0.0-beta.148","2.0.0-beta.174","2.0.0-beta.180","2.0.0-beta.203","2.0.0-beta.208","2.0.0-beta.230","2.0.0-beta.241","2.0.0-beta.267","2.0.0-beta.268","2.0.0-beta.275","2.0.0-beta.303","2.0.0-beta.42","2.0.0-beta.68","2.0.0-beta.84","2.0.0-beta.91","2.0.0-rc.1","2.0.0-rc.17","2.0.1","2.0.12","2.1.113","2.2.50","2.2.51","2.3.71","2.3.72","2.3.77","2.4.105","2.4.75","v1.0-alpha.1","v1.0-alpha.2","v1.0-alpha.3","v1.0-alpha.4","v1.0-alpha.5","v1.0-alpha.6","v1.0-alpha.7","v1.0-beta.1","v1.0-beta.2","v1.0-beta.3","v1.0-beta.4","v1.0-beta.5","v1.0.0-beta.10","v1.0.0-beta.11","v1.0.0-beta.12","v1.0.0-beta.13","v1.0.0-beta.6","v1.0.0-beta.7","v1.0.0-beta.8","v1.0.0-beta.9","v1.0.3","v1.0.4","v1.0.5","v1.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-4052.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}