CVE-2025-46550 Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the /?BazaR endpoint and idformulaire parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link...

PT-2025-18210 · Yeswiki · Yeswiki

Name of the Vulnerable Software and Affected Versions: YesWiki versions prior to 4.5.4 Description: The issue allows a malicious user to create and download site backups without authentication. This could result in a malicious attacker making numerous requests to create archives and fill up the...