- Description
- YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content edition feature and more specifically of the `{{attach}}` component allowing users to attach files/medias to a page. When a file is attached using the `{{attach}}` component, if the resource contained in the `file` attribute doesn't exist, then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to be able to steal accounts and therefore modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.6
- Impact score
- 4.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
- Severity
- HIGH
- security-advisories@github.com
- CWE-79
- Hype score
- Not currently trending
Last week with @Nishacid we dug into YesWiki, an open-source wiki system recommended by the French government OSS agency. We identified 3 "high" vulnerabilities: CVE-2025-24017, CVE-2025-24018, CVE-2025-24019 Feel free to check GitHub's advisories: https://t.co/RA3xogSuwr
@bWlrYQ
22 Jan 2025
19 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24018 YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment … https://t.co/JuGfZcSXWK
@CVEnew
21 Jan 2025
164 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes