Issue List
VWE-2021-6191 is a Permissions Escalation and Data Loss issue, where some edits do not preserve existing custom field values from the previous edit. This is most common for edits generated from outside the Edit tab, such as mass edits. Within the Edit tab, when a user who does not have permission to change any custom field for a page edits that page, the unpermitted custom fields may be changed to a blank value. The issue affects VaultWiki 4.1.0 RC 2 and higher, under XenForo 2.1 and higher only.
VWE-2021-6205 is a Permissions Escalation issue, where a user can view a list of content in a disambiguation page via a content chooser that is showing results from disambiguation pages, even though the user does not have permission to view a list of the disambiguation page's contents. The issue affects VaultWiki 4.1.0 RC 3 and higher.
VWE-2021-6207 is a Data Loss issue, where changes to the editor's contents since it was loaded are not retained upon saving, if the editor was previewed. The issue affects VaultWiki 4.0.0 Beta 1 and higher, under XenForo only, but only leads to data loss under XenForo 2.2 or higher.
VWE-2021-6208 is a Data Loss issue, where template parameter editor contents of forced template content are not saved if the editor was changed from BB-Code to WYSIWYG mode. The issue affects VaultWiki 4.1.0 RC 3 and higher, under vBulletin only.
VWE-2021-6209 is a Data Loss issue, where template parameter editors are not provided for forced template content, causing subsequent edits to save blank entries as the parameter values. The issue affects VaultWiki 4.1.0 RC 3, under vBulletin only.
VWE-2021-6218 is a Data Loss issue, where if a user edits an existing page that has text content so that the page would no longer have any text content and either previews the changes or receives submission errors, the editor is reloaded as though the text was unchanged. The issue affects all versions of VaultWiki 4.x; however, in the VaultWiki 4.1.x series, XenForo is unaffected.
Patches
The following patches address the aforementioned issues:
- 4.1.2 Patch Level 2
- 4.1.1 Patch Level 7
- 4.1.0 Patch Level 9*
*A patch was issued for this version even though it reached its end-of-life before the patch date, because at least one of the addressed issues was identified prior to its end-of-life. However, we recommend that users update to a more recent patched version.