PT-2025-18196 · Yeswiki · Yeswiki

Mrflos · Published 2025-04-29 · Updated 2026-01-12 · CVE-2025-46349

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions
YesWiki versions prior to 4.5.4

Description
The issue is related to reflected XSS in the file upload form, allowing malicious unauthenticated users to create links that can perform arbitrary actions when clicked by a victim.

Recommendations
For versions prior to 4.5.4, update to version 4.5.4 to resolve the issue. As a temporary workaround, consider restricting access to the file upload form until the update is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-46349
GHSA-2F8P-QQX2-GWR2

Affected Products

Yeswiki