CVE-2025-46349

High CVSS: 7.6

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.

Vendor

Yeswiki

Product

Yeswiki

CWE

CWE-79

Yayın Tarihi

2025-04-29 18:15:44

Güncelleme

2025-05-09 13:56:42

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Yeswiki HIGH Yeswiki 2025

Referanslar

https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524 https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2 https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2

Benzer Kayıtlar

Medium

CVE-2025-52277

Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted pa…

Critical

CVE-2025-46348

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed…

Medium

CVE-2025-46549

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting at…

Medium

CVE-2025-46550

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are…

Medium

CVE-2025-46347

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitra…

Low

CVE-2025-46350

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting at…