High severity · NVD Advisory · Published Apr 29, 2025 · Updated Apr 29, 2025
YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
CVE-2025-46349
Description
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to craft a link that, when clicked by the victim, performs arbitrary actions. This issue has been patched in version 4.5.4.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| yeswiki/yeswiki (Packagist) | <= 4.5.3 | — |
References
- github.com/advisories/GHSA-2f8p-qqx2-gwr2 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-46349 (ghsa, ADVISORY)
- github.com/YesWiki/yeswiki/blob/6894234bbde6ab168bf4253f9a581bd24bf53766/tools/attach/libs/attach.lib.php (ghsa, WEB)
- github.com/YesWiki/yeswiki/commit/0dac9e2fb2a5e69f13a3c9f761ecae6ed9676206 (ghsa, WEB)
- github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524 (ghsa, x_refsource_MISC, WEB)
- github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2 (ghsa, x_refsource_CONFIRM, WEB)