PT-2025-5262 · Yeswiki · Yeswiki

Nishacid · Published 2025-01-21 · Updated 2025-01-22 · CVE-2025-24018

CVSS v3.1: 7.6 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

YesWiki versions up to and including 4.4.5

Description

The vulnerability allows an authenticated user with rights to edit or create a page or comment to trigger a stored XSS attack, which can be reflected on any page where the resource is loaded. The issue lies in the content editing feature, specifically the {{attach}} component, which lets users attach files or media to a page. If the resource named in the file attribute does not exist, the server generates a file upload button containing the filename. This enables malicious users to steal accounts, modify pages, comments, and permissions, and extract user data such as emails.

Recommendations

For versions up to and including 4.4.5, update to version 4.5.0, which contains a patch for the issue. As a temporary workaround, consider sanitizing the filename attribute in the showFileNotExits() function to prevent the execution of malicious JavaScript code. Implement a stronger password reset mechanism: do not show a password reset link to an already logged-in user, generate a password reset link only when a user requests a reset and send it by mail, and add an expiration date to the token. Implement a strong Content Security Policy to mitigate other XSS sinks.
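A sketch of the filename-encoding workaround described under Recommendations, as an added example that is not YesWiki's code. The function names, the button markup and the `?upload=` parameter are hypothetical, and the sample filename is constructed.

```php
<?php
declare(strict_types=1);

// Added illustration, not YesWiki source. Names and markup are hypothetical.

/** Unsafe pattern: the attribute value is interpolated into HTML as-is. */
function renderUploadButtonUnsafe(string $file): string
{
    return '<a class="btn" href="?upload=' . $file . '" title="' . $file . '">'
         . 'Upload ' . $file . '</a>';
}

/** Hardened pattern: encode the value for each output context it lands in. */
function renderUploadButtonSafe(string $file): string
{
    // Strip control characters; preg_replace returns null on invalid UTF-8,
    // in which case the name is discarded entirely.
    $name = preg_replace('/[\x00-\x1F\x7F]/u', '', $file) ?? '';

    // HTML text and attribute context: encode <, >, &, and both quote styles.
    $html = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    // URL query context: percent-encode everything outside the unreserved set.
    $url = rawurlencode($name);

    return '<a class="btn" href="?upload=' . $url . '" title="' . $html . '">'
         . 'Upload ' . $html . '</a>';
}

// Constructed sample: a filename containing markup characters.
$sample = 'report"><b>injected</b>.pdf';

echo "unsafe: ", renderUploadButtonUnsafe($sample), PHP_EOL;
echo "safe:   ", renderUploadButtonSafe($sample), PHP_EOL;
```

In the unsafe output the quote and angle brackets close the attribute and open new elements; in the safe output they appear only as entities or percent-escapes, so the browser treats the filename as text.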

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-24018
GHSA-W59H-3X3Q-3P6J

Affected Products

Yeswiki