CVE-2025-46549

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.5.4

Description The issue allows an attacker to use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies enable the attacker to take over the user’s session. This may also allow attackers to deface the website or embed malicious content.

Recommendations For versions prior to 4.5.4, update to version 4.5.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the website to minimize the risk of session takeover until the update is applied.