Lucene search
+L

257 matches found

CVE
CVE
added 2025/09/09 12:0 a.m.18 views

CVE-2025-52277

CVE-2025-52277 is a Cross-Site Scripting (XSS) vulnerability in YesWiki v4.54. The issue arises from unsanitized input in the meta configuration’s robots field, allowing a remote attacker to execute arbitrary scripts in the user’s browser. Exploitation is performed via a crafted payload sent to t...

6.1CVSS6.7AI score0.00368EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.7 views

PT-2025-36740

Name of the Vulnerable Software and Affected Versions: YesWiki version 4.54 Description: YesWiki is susceptible to a cross-site scripting issue that enables a remote attacker to execute arbitrary code. The issue stems from a crafted payload delivered to the robots field within the meta...

6.1CVSS6.1AI score0.00368EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/09/09 12:0 a.m.6 views

CVE-2025-52277

Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field...

6.7AI score0.00368EPSS
Exploits1References1
OSV
OSV
added 2025/09/09 12:0 a.m.7 views

CVE-2025-52277

Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field...

6.1CVSS7.1AI score0.00368EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2025/06/07 9:18 a.m.346 views

Exploit for Path Traversal in Yeswiki

Blackash-CVE-2025-31131 CVE-2025-31131 - YesWiki 4.5.2 Path...

8.6CVSS7.7AI score0.05366EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2025/05/22 6:52 p.m.9 views

CVE-2021-43091

An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form...

7.5CVSS8.1AI score0.0139EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 1:14 p.m.8 views

CVE-2018-1000641

YesWiki version = cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information...

9.8CVSS7.3AI score0.02491EPSS
Exploits0References1
Veracode
Veracode
added 2025/05/07 6:14 a.m.9 views

Reflected Cross-Site Scripting (Reflected XSS)

yeswiki/yeswiki is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization of user input in the file upload form, which allows attackers to craft malicious links that execute arbitrary scripts in the victim’s browser...

7.6CVSS6.5AI score0.00582EPSS
Exploits1References6Affected Software1
Veracode
Veracode
added 2025/05/07 5:24 a.m.21 views

Remote Code Execution (RCE)

yeswiki/yeswiki is vulnerable to Remote Code Execution RCE. The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...

9.8CVSS7.5AI score0.00821EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/05/07 5:20 a.m.9 views

Cross-Site Scripting (XSS)

yeswiki/yeswiki is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to insufficient sanitization of user-supplied input in URLs, which allows attackers to inject malicious scripts that are reflected in the server’s response...

4.8CVSS6.1AI score0.00241EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/05/07 5:19 a.m.10 views

Cross-Site Scripting (XSS)

yeswiki/yeswiki is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization of the idformulaire parameter on the /?BazaR endpoint, which allows attackers to perform reflected cross-site scripting attacks to steal session cookies, hijack user sessions,...

6.1CVSS5.7AI score0.00498EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/01 9:18 p.m.15 views

CVE-2025-46550

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...

6.1CVSS5.9AI score0.00498EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 9:18 p.m.14 views

CVE-2025-46549

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

6.1CVSS6AI score0.00498EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 9:18 p.m.20 views

CVE-2025-46348

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...

10CVSS6.5AI score0.00569EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 5:24 p.m.14 views

CVE-2025-46350

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

4.8CVSS6AI score0.00241EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 5:22 p.m.15 views

CVE-2025-46347

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

9.8CVSS8.4AI score0.00821EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 5:18 p.m.9 views

CVE-2025-46349

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

7.6CVSS6.2AI score0.00582EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/01 4:26 p.m.22 views

CVE-2025-46346

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...

6.3CVSS5.1AI score0.00276EPSS
Exploits1References1
NVD
NVD
added 2025/04/29 9:15 p.m.35 views

CVE-2025-46550

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...

6.1CVSS0.00498EPSS
Exploits1References2
NVD
NVD
added 2025/04/29 9:15 p.m.49 views

CVE-2025-46549

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...

6.1CVSS0.00498EPSS
Exploits1References2
Rows per page
Query Builder