Lucene search
+L

257 matches found

CNNVD
CNNVD
added 2026/05/07 12:0 a.m.9 views

YesWiki SQL注入漏洞

YesWiki is a wiki system built with PHP, developed by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.1 had a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the...

8.8CVSS5.8AI score0.00342EPSS
Exploits0References1
OSV
OSV
added 2026/04/18 1:0 a.m.11 views

GHSA-F58V-P6J9-24C2 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()

Vulnerability Details YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...

8.8CVSS5.9AI score0.00342EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/18 1:0 a.m.7 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the formatDataBeforeSave process. An attacker can execute arbitrary SQL commands by supplying crafted input to the idfiche parameter, which is concatenated directly into a SQL query without sanitization. Remediation...

8.8CVSS6.1AI score0.00342EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/18 1:0 a.m.15 views

YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()

Vulnerability Details YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...

8.8CVSS5.9AI score0.00342EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/18 12:0 a.m.17 views

PT-2026-37109

Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.1 Description The bazar module contains a SQL injection flaw in the tools/bazar/services/EntryManager.php file. The issue occurs because the id fiche value, sourced from the $ POST'id fiche' variable, is...

8.8CVSS6.1AI score0.00342EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/03 11:2 p.m.9 views

CVE-2026-34598

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

7.1CVSS5.8AI score0.00213EPSS
Exploits1References1
NVD
NVD
added 2026/04/02 6:16 p.m.8 views

CVE-2026-34598

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

7.1CVSS0.00213EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/02 5:37 p.m.2 views

CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

7.1CVSS5.8AI score0.00213EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:37 p.m.4 views

CVE-2026-34598

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

7.1CVSS5.8AI score0.00213EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/04/02 5:37 p.m.28 views

CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

7.1CVSS0.00213EPSS
Exploits1References2
CVE
CVE
added 2026/04/02 5:37 p.m.30 views

CVE-2026-34598

Summary: CVE-2026-34598 affects YesWiki (PHP) prior to version 4.6.0, which contains a stored and blind XSS vulnerability in the form title field. An unauthenticated attacker can inject JavaScript via a saved form title, causing the payload to execute in any user’s browser when the affected page ...

7.1CVSS5.8AI score0.00213EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/02 5:37 p.m.5 views

CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

7.1CVSS5.9AI score0.00213EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.11 views

YesWiki 安全漏洞

YesWiki is a wiki system built using PHP by the French organization YesWiki. It is used for creating and managing websites in a collaborative manner. Versions of YesWiki prior to 4.6.0 contained security vulnerabilities; these vulnerabilities stemmed from cross-site scripting vulnerabilities in t...

7.1CVSS5.7AI score0.00213EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 12:24 a.m.2 views

GHSA-5724-X3RH-5QQQ YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities

Summary Multiple reflected Cross-site Scripting XSS vulnerabilities across both authenticated and unauthenticated portions of the application. These findings present a significant security risk, as they can be leveraged to execute arbitrary JavaScript in a victim’s browser under various contexts...

5.3CVSS6.6AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/01 12:24 a.m.10 views

YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities

Summary Multiple reflected Cross-site Scripting XSS vulnerabilities across both authenticated and unauthenticated portions of the application. These findings present a significant security risk, as they can be leveraged to execute arbitrary JavaScript in a victim’s browser under various contexts...

6.6AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/01 12:13 a.m.2 views

GHSA-37FQ-47QJ-6J5J YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6AI score0.00213EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/04/01 12:13 a.m.12 views

YesWiki has Persistent Blind XSS at "/?BazaR&vue=consulter"

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

7.1CVSS6AI score0.00213EPSS
Exploits1References4Affected Software1
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.7 views

YesWiki <= 4.5.1 - Cross-Site Scripting

YesWiki alertdocument.domain","YesWiki"' - 'statuscode == 200' - 'containscontenttype, "text/html"' condition: and digest: 4a0a0047304502200362ca1190c63e21f2923bf08de7cb7da7b574446b257e6007dfd76d97c7ed0b02210097168371a37ae69e386417974c7fa650ac4099a59a65f245bd361ac61d391a41:922c64590222798b...

6.1CVSS5AI score0.00498EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/11/26 12:0 a.m.160 views

📄 YesWiki Directory Traversal

YesWiki versions prior to 4.5.2 are vulnerable to an unauthenticated path traversal vulnerability through the squelette parameter. A remote attacker can leverage this flaw to read arbitrary files on the target system...

8.6CVSS7.1AI score0.05366EPSS
Exploits6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-4995

Malware in sbrugna...

9.8CVSS9.4AI score0.03213EPSS
Exploits5References4
Rows per page
Query Builder