CVE-2025-24017

Published Jan 21, 2025

Last updated 10 months ago

CVSS high 7.6

Overview

Description
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't exist, the tag is reflected on the page and isn't properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client's side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
Source
security-advisories@github.com
NVD status
Analyzed
Products
yeswiki

Risk scores

CVSS 3.1

Type
Primary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending

  1. "type": "Reflected XSS: Script Tag Injection", "url":"https://t.co/SuJ7mcyhEb", "parameter": "destination" "payload": "<iframe srcdoc=\"<script>alert(parent.document.domain)</script>\">", "severity": "High", "cve_related": [ "CVE-2025-2

    @Prem_chicky

    16 Nov 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Last week with @Nishacid we dug into YesWiki, an open-source wiki system recommended by the French government OSS agency. We identified 3 "high" vulnerabilities: CVE-2025-24017, CVE-2025-24018, CVE-2025-24019 Feel free to check GitHub's advisories: https://t.co/RA3xogSuwr

    @bWlrYQ

    22 Jan 2025

    19 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots fieldCVE-2025-52277
  2. YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.CVE-2025-46550
  3. YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.CVE-2025-46549
  4. YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4.CVE-2025-46348
  5. YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.CVE-2025-46350

References

Sources include official advisories and independent security research.