Yeswiki · Yeswiki · CVE-2025-46349
**Name of the Vulnerable Software and Affected Versions**
YesWiki versions prior to 4.5.4
**Description**
A reflected cross-site scripting (XSS) vulnerability in the file upload form allows unauthenticated attackers to craft links that perform arbitrary actions when a victim clicks them.
**Recommendations**
If you are running a version prior to 4.5.4, update to version 4.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the file upload form until the update is applied.