4 matches found
CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...
CVE-2025-24017
YesWiki DOM-based XSS (CVE-2025-24017) affects YesWiki up to version 4.4.5. The vulnerability stems from insufficient sanitization in the tag-search workflow: when a user-provided tag is reflected on pages, it can inject client-side script, enabling an attacker to craft a malicious link that trig...
CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...
CVE-2025-24017
creationtimestamp| type| source ---|---|--- 2025-01-21 09:44:13+00:00| published-proof-of-concept| https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wphc-5f2j-jhvg 2025-01-21 15:41:36+00:00| seen| https://infosec.exchange/users/cve/statuses/113867102324757033 2025-01-21 16:00:41+00:00|...