PT-2025-5261 · Yeswiki · Yeswiki

Nishacid · Published 2025-01-21 · Updated 2025-11-16 · CVE-2025-24017

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

YesWiki versions up to and including 4.4.5

Description

The vulnerability allows any end user to craft a DOM-based XSS that affects all of YesWiki's pages and is triggered when a user clicks a malicious link. The issue lies in the search-by-tag feature: when a tag doesn't exist, it is reflected on the page without being properly sanitized on the server side. A malicious user can therefore generate a link that triggers an XSS on the client side when clicked, potentially leading to account takeover, modification of pages, comments and permissions, and extraction of user data, impacting the integrity, availability, and confidentiality of a YesWiki instance.

Recommendations

For versions up to and including 4.4.5, update to version 4.5.0 or later, which contains a patch for the issue. As a temporary workaround, consider sanitizing tag names when they are created and looked up, to prevent client-side code execution. Implement a stronger password reset mechanism: do not show a password reset link to an already logged-in user, generate a password reset link only when a user requests a reset and send it only by mail, and add an expiration date to the token. Consider implementing a strong Content Security Policy to mitigate other XSS sinks.
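
One way to apply the tag-sanitizing workaround and the Content Security Policy recommendation above, shown as an added PHP example that is not YesWiki's code or its 4.5.0 patch. The function names, the tag allow-list and the policy values are assumptions to adapt to the instance.

```php
<?php
declare(strict_types=1);

// Added example, not YesWiki code. Function names and the allow-list
// (letters, digits, space, "_" and "-", at most 64 characters) are assumptions.

/** Return the tag if it matches the allow-list, otherwise null. */
function validate_tag(string $raw): ?string
{
    $tag = trim($raw);
    // The /u flag makes preg_match() fail on invalid UTF-8, so malformed
    // byte sequences are rejected together with markup characters.
    if (preg_match('/\A[\p{L}\p{N} _-]{1,64}\z/u', $tag) !== 1) {
        return null;
    }
    return $tag;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Build the "no result" message without echoing a rejected tag back. */
function render_tag_not_found(string $raw): string
{
    $tag = validate_tag($raw);
    if ($tag === null) {
        return '<p>No page found for this tag.</p>';
    }
    // Encode even after validation so the output stays safe if the
    // allow-list is widened later.
    return '<p>No page found for tag "' . html_escape($tag) . '".</p>';
}

/** Restrictive policy: scripts only from this origin, no inline script. */
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'none'; frame-ancestors 'self'";
}

// Constructed sample inputs: a plain tag and one carrying markup.
if (PHP_SAPI === 'cli') {
    foreach (['workshop-2025', '<b>bold</b>'] as $sample) {
        echo render_tag_not_found($sample), PHP_EOL;
    }
    echo csp_header(), PHP_EOL;
}
```

The same `validate_tag()` check belongs on the tag-creation path, so that stored tags and searched tags are held to one rule.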

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-24017
GHSA-WPHC-5F2J-JHVG

Affected Products

Yeswiki