CVE-2026-52778
- EPSS 0.56%
- Published 08.06.2026 18:24:21
- Last modified 09.06.2026 17:17:50
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sanitize user-defined mathematical formulas using a c...
CVE-2026-41143
- EPSS 0.34%
- Published 07.05.2026 05:08:23
- Last modified 07.05.2026 15:43:39
YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concat...
CVE-2026-34598
- EPSS 0.21%
- Published 02.04.2026 17:37:37
- Last modified 10.04.2026 15:58:29
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend ...
CVE-2025-52277
- EPSS 0.4%
- Published 09.09.2025 00:00:00
- Last modified 17.10.2025 20:26:28
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field
CVE-2025-46550
- EPSS 0.5%
- Published 29.04.2025 20:41:01
- Last modified 09.05.2025 13:59:35
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenti...
CVE-2025-46549
- EPSS 0.5%
- Published 29.04.2025 20:40:26
- Last modified 09.05.2025 13:59:06
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to ta...
CVE-2025-46348
- EPSS 0.57%
- Published 29.04.2025 20:39:40
- Last modified 09.05.2025 13:58:53
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and ...
CVE-2025-46350
- EPSS 0.24%
- Published 29.04.2025 17:11:18
- Last modified 09.05.2025 13:57:36
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to ta...
CVE-2025-46349
- EPSS 0.58%
- Published 29.04.2025 17:11:10
- Last modified 09.05.2025 13:56:42
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to per...
CVE-2025-46347
- EPSS 0.82%
- Published 29.04.2025 17:11:05
- Last modified 09.05.2025 13:56:01
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on...