Yeswiki

Yeswiki

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-52277

  • EPSS 0.06%
  • Veröffentlicht 09.09.2025 00:00:00
  • Zuletzt bearbeitet 10.09.2025 14:15:37

Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field

6.1

CVE-2025-46550

Exploit
  • EPSS 0.03%
  • Veröffentlicht 29.04.2025 20:41:01
  • Zuletzt bearbeitet 09.05.2025 13:59:35

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenti...

6.1

CVE-2025-46549

Exploit
  • EPSS 0.03%
  • Veröffentlicht 29.04.2025 20:40:26
  • Zuletzt bearbeitet 09.05.2025 13:59:06

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to ta...

9.8

CVE-2025-46348

Exploit
  • EPSS 0.15%
  • Veröffentlicht 29.04.2025 20:39:40
  • Zuletzt bearbeitet 09.05.2025 13:58:53

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and ...

4.8

CVE-2025-46350

Exploit
  • EPSS 0.03%
  • Veröffentlicht 29.04.2025 17:11:18
  • Zuletzt bearbeitet 09.05.2025 13:57:36

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to ta...

6.1

CVE-2025-46349

Exploit
  • EPSS 0.05%
  • Veröffentlicht 29.04.2025 17:11:10
  • Zuletzt bearbeitet 09.05.2025 13:56:42

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to per...

9.8

CVE-2025-46347

Exploit
  • EPSS 0.66%
  • Veröffentlicht 29.04.2025 17:11:05
  • Zuletzt bearbeitet 09.05.2025 13:56:01

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on...

5.4

CVE-2025-46346

Exploit
  • EPSS 0.03%
  • Veröffentlicht 29.04.2025 15:36:14
  • Zuletzt bearbeitet 09.05.2025 13:53:56

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored...

7.5

CVE-2025-31131

Exploit
  • EPSS 8.42%
  • Veröffentlicht 01.04.2025 15:16:07
  • Zuletzt bearbeitet 09.05.2025 14:04:06

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

7.1

CVE-2025-24019

Exploit
  • EPSS 0.25%
  • Veröffentlicht 21.01.2025 18:15:17
  • Zuletzt bearbeitet 09.05.2025 14:04:35

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host w...