PT-2025-47511
Name of the Vulnerable Software and Affected Versions: Rallly versions prior to 4.5.4
Description: An authorization issue exists in Rallly, a scheduling and collaboration tool. An authenticated user can manipulate the pollId parameter to reopen finalized polls owned by other users. This can disrupt...
CVE-2025-46550 YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...
CVE-2025-46348 YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated...
CVE-2025-46350
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2025-46347
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...
CVE-2025-46350 YesWiki Vulnerable to Authenticated Reflected Cross-site Scripting
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability...
CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...