CVE-2025-24018
- EPSS 0.07%
- Veröffentlicht 21.01.2025 17:15:16
- Zuletzt bearbeitet 09.05.2025 14:02:53
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is lo...
CVE-2025-24017
- EPSS 0.13%
- Veröffentlicht 21.01.2025 16:15:15
- Zuletzt bearbeitet 09.05.2025 14:05:15
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of th...
CVE-2024-51478
- EPSS 0.15%
- Veröffentlicht 31.10.2024 17:15:13
- Zuletzt bearbeitet 09.05.2025 14:06:43
YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4....
CVE-2021-43091
- EPSS 0.15%
- Veröffentlicht 25.03.2022 17:15:08
- Zuletzt bearbeitet 21.11.2024 06:28:40
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.
CVE-2018-1000641
- EPSS 0.82%
- Veröffentlicht 20.08.2018 19:31:36
- Zuletzt bearbeitet 21.11.2024 03:40:18
YesWiki version <= cercopitheque beta 1 contains a PHP Object Injection vulnerability in Unserialising user entered parameter in i18n.inc.php that can result in execution of code, disclosure of information.