CVE-2026-34598
- EPSS 0.04%
- Published 02.04.2026 17:37:37
- Last modified 10.04.2026 15:58:29
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend ...
CVE-2025-52277
- EPSS 0.09%
- Published 09.09.2025 00:00:00
- Last modified 17.10.2025 20:26:28
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field.
CVE-2025-46550
- EPSS 0.35%
- Published 29.04.2025 20:41:01
- Last modified 09.05.2025 13:59:35
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenti...
CVE-2025-46549
- EPSS 0.39%
- Published 29.04.2025 20:40:26
- Last modified 09.05.2025 13:59:06
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to ta...
CVE-2025-46348
- EPSS 0.44%
- Published 29.04.2025 20:39:40
- Last modified 09.05.2025 13:58:53
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and ...
CVE-2025-46350
- EPSS 0.2%
- Published 29.04.2025 17:11:18
- Last modified 09.05.2025 13:57:36
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to ta...
CVE-2025-46349
- EPSS 0.54%
- Published 29.04.2025 17:11:10
- Last modified 09.05.2025 13:56:42
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to per...
CVE-2025-46347
- EPSS 3.97%
- Published 29.04.2025 17:11:05
- Last modified 09.05.2025 13:56:01
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on...
CVE-2025-46346
- EPSS 0.27%
- Published 29.04.2025 15:36:14
- Last modified 09.05.2025 13:53:56
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored...
CVE-2025-31131
- EPSS 8.25%
- Published 01.04.2025 15:16:07
- Last modified 09.05.2025 14:04:06
YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.