Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/01/21 3:37 p.m.4 views

CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...

7.6CVSS7.2AI score0.00337EPSS
Exploits1References2
CVE
CVE
added 2025/01/21 3:37 p.m.63 views

CVE-2025-24017

YesWiki DOM-based XSS (CVE-2025-24017) affects YesWiki up to version 4.4.5. The vulnerability stems from insufficient sanitization in the tag-search workflow: when a user-provided tag is reflected on pages, it can inject client-side script, enabling an attacker to craft a malicious link that trig...

7.6CVSS7.2AI score0.00337EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/01/21 3:37 p.m.7 views

CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...

7.6CVSS6.1AI score0.00337EPSS
Exploits1References4
Circl
Circl
added 2025/01/21 9:44 a.m.7 views

CVE-2025-24017

creationtimestamp| type| source ---|---|--- 2025-01-21 09:44:13+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wphc-5f2j-jhvg 2025-01-21 15:41:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113867102324757033 2025-01-21 16:00:41+00:00|...

7.6CVSS5.3AI score0.00337EPSS
Exploits1References6
Rows per page
Query Builder