This vulnerability can be exploited by a patient attacker to inject HTML or Javascript into a wiki page via multiple specially-crafted templates with a success rate of approximately 1 in 50,000 uncached views of that wiki page. Of course, a long-lived page cache lowers the success rate with respect to total views and can approach 0% over short periods over time. However, once the attack is successful the wiki page can also be cached in the succeeded state and thereafter have a success rate of 100%.
This issue affects VaultWiki versions 4.0.0 Gamma 1 - 4.0.6, but does not affect VaultWiki Lite. This issue affects XenForo-based installations only.
We have published the following Patch Level releases to resolve this issue:
- 4.0.6 Patch Level 1
- 4.0.5 Patch Level 1
- 4.0.4 Patch Level 1
- 4.0.3 Patch Level 2
- 4.0.2 Patch Level 5
- 4.0.1 Patch Level 8
- 4.0.0 Patch Level 7
- 4.0.0 RC 5 Patch Level 6
- 4.0.0 RC 4 Patch Level 7
We highly recommend that all users running VaultWiki 4.x under XenForo in a production environment upgrade to a patched release as soon as possible.