CVE-2025-46349

Опубликовано: 29 апр. 2025

Источник: nvd

CVSS3: 7.6

CVSS3: 6.1

EPSS Низкий

Описание

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.

Ссылки

https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524
Patch
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2
Exploit
Vendor Advisory
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*

Версия до 4.5.4 (исключая)

EPSS

Процентиль: 27%

0.00091

Низкий

7.6 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2f8p-qqx2-gwr2

CVSS3: 7.6

github

4 месяца назад

YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

EPSS

Процентиль: 27%

0.00091

Низкий

7.6 High

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79