257 matches found
CVE-2025-52277
CVE-2025-52277 is a Cross-Site Scripting (XSS) vulnerability in YesWiki v4.54. The issue arises from unsanitized input in the meta configuration’s robots field, allowing a remote attacker to execute arbitrary scripts in the user’s browser. Exploitation is performed via a crafted payload sent to t...
PT-2025-36740
Name of the Vulnerable Software and Affected Versions: YesWiki version 4.54 Description: YesWiki is susceptible to a cross-site scripting issue that enables a remote attacker to execute arbitrary code. The issue stems from a crafted payload delivered to the robots field within the meta...
CVE-2025-52277
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field...
CVE-2025-52277
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field...
Exploit for Path Traversal in Yeswiki
Blackash-CVE-2025-31131 CVE-2025-31131 - YesWiki 4.5.2 Path...
CVE-2021-43091
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form...
CVE-2018-1000641
YesWiki version = cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information...
Reflected Cross-Site Scripting (Reflected XSS)
yeswiki/yeswiki is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper sanitization of user input in the file upload form, which allows attackers to craft malicious links that execute arbitrary scripts in the victim’s browser...
Remote Code Execution (RCE)
yeswiki/yeswiki is vulnerable to Remote Code Execution RCE. The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to insufficient sanitization of user-supplied input in URLs, which allows attackers to inject malicious scripts that are reflected in the server’s response...
Cross-Site Scripting (XSS)
yeswiki/yeswiki is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient input sanitization of the idformulaire parameter on the /?BazaR endpoint, which allows attackers to perform reflected cross-site scripting attacks to steal session cookies, hijack user sessions,...
CVE-2025-46550
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...
CVE-2025-46549
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2025-46348
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...
CVE-2025-46350
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2025-46347
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...
CVE-2025-46349
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...
CVE-2025-46346
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting XSS vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user...
CVE-2025-46550
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...
CVE-2025-46549
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...