Issue List
VWE-2022-6401 is an HTML Injection issue, where a flaw in the cropping of overly-long WIKI BB-Code content may allow a malicious user to modify the expected contents of HTML blocks outside of the intended user-generated content locations. The issue affects VaultWiki 4.1.0 Beta 4 and higher.VWE-2022-6406 is a Data Loss issue, where uploading an update to an existing wiki attachment, while attachment history is disabled, can result in an attachment with no file data. The issue affects VaultWiki 4.1.1 and higher.
VWE-2022-6411 is a Data Loss issue, where some database updates that are triggered by CLI-based cron jobs are never applied to the database. The issue affects VaultWiki 4.1.0 Alpha 1 and higher, on XenForo 2.x platforms only.
Patches
The following patches address the aforementioned issues:- 4.1.4 Patch Level 1
- 4.1.3 Patch Level 3
- 4.1.2 Patch Level 6