
13 matches found

Vulnrichment
added 2026/04/02 5:37 p.m. | 1 view

CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

CVSS 7.1 | AI score 5.8 | EPSS 0.00082
Exploits: 1 | References: 2

OSV
added 2025/04/29 8:39 p.m. | 4 views

CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...

CVSS 10 | AI score 6.3 | EPSS 0.00441
Exploits: 1 | References: 4

Cvelist
added 2025/04/29 5:11 p.m. | 15 views

CVE-2025-46349 YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been...

CVSS 7.6 | EPSS 0.00542
Exploits: 1 | References: 2

RedhatCVE
added 2025/02/06 2:32 a.m. | 6 views

CVE-2025-24019

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager FPM on the host without any limitation on the filesystem's scope...

CVSS 7.1 | AI score 6.4 | EPSS 0.00623
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/06 2:31 a.m. | 5 views

CVE-2025-24018

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the conten...

CVSS 7.6 | AI score 5.5 | EPSS 0.00203
Exploits: 1 | References: 1

Vulnrichment
added 2025/01/21 3:37 p.m. | 4 views

CVE-2025-24017 YesWiki Vulnerable to Unauthenticated DOM Based XSS

YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't...

CVSS 7.6 | AI score 7.2 | EPSS 0.00285
Exploits: 1 | References: 2

CVE
added 2025/01/21 3:37 p.m. | 49 views

CVE-2025-24017

YesWiki DOM-based XSS (CVE-2025-24017) affects YesWiki up to version 4.4.5. The vulnerability stems from insufficient sanitization in the tag-search workflow: when a user-provided tag is reflected on pages, it can inject client-side script, enabling an attacker to craft a malicious link that trig...

CVSS 7.6 | AI score 7.2 | EPSS 0.00285
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2020/11/17 12:0 a.m. | 6 views

KonaWiki3 cross-site scripting vulnerability

KonaWiki3 is a very simple PHP Wiki engine. KonaWiki3 is vulnerable to cross-site scripting. An attacker can exploit this vulnerability to execute arbitrary scripts on a user's Web browser via specially crafted URLs...

AI score 3.4
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:0 a.m. | 21 views

PHP-Wiki 1.2/1.3 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5254/info PHP-Wiki does not sufficiently sanitize HTML from URI parameters, making it prone to cross-site scripting attacks. An attacker may exploit this condition by enticing users to visit a malicious link which contain...

AI score 7.1
Exploits: 0

Packet Storm
added 2012/08/22 12:0 a.m. | 25 views

LabWiki 1.5 Cross Site Scripting

Information
Name: XSS Vulnerabilities in LabWiki
Software: LabWiki 1.5 and possibly below.
Vendor Homepage: http://www.bioinformatics.org/phplabware/labwiki/index.php
Vulnerability Type: Cross-Site Scripting
Severity: Critical
Researcher: Canberk Bolat
Advisory Referenc...

AI score 7.4
Exploits: 0

Symantec
added 2005/06/29 12:0 a.m. | 108 views

XML-RPC for PHP Remote Code Injection Vulnerability

Description: XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...

AI score 8.1
Exploits: 0 | References: 29 | Affected Software: 47

Exploit DB
added 2002/07/17 12:0 a.m. | 18 views

PHP-Wiki 1.2/1.3 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5254/info PHP-Wiki does not sufficiently sanitize HTML from URI parameters, making it prone to cross-site scripting attacks. An attacker may exploit this condition by enticing users to visit a malicious link which contains attacker-supplied script code...

AI score 7.4
Exploits: 0

exploitpack
added 2002/07/17 12:0 a.m. | 10 views

PHP-Wiki 1.21.3 - Cross-Site Scripting

PHP-Wiki 1.21.3 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5254/info PHP-Wiki does not sufficiently sanitize HTML from URI parameters, making it prone to cross-site scripting attacks. An attacker may exploit this condition by enticing users to visit a malicious link which...

AI score 6.8
Exploits: 0