CVE-2025-46550 - Vulnerability Details - OpenCVE

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp

History

Tue, 29 Apr 2025 21:00:00 +0000

Type	Values Removed	Values Added
Description		YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
Title		Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
Weaknesses		CWE-79
References		https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-04-29T20:41:01.879Z

Updated: 2025-04-30T13:18:28.094Z

Reserved: 2025-04-24T21:10:48.173Z

Link: CVE-2025-46550

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-04-29T21:15:52.467

Modified: 2025-04-30T14:15:30.170

Link: CVE-2025-46550

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46550", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-04-24T21:10:48.173Z", "datePublished": "2025-04-29T20:41:01.879Z", "dateUpdated": "2025-04-30T13:18:28.094Z"}, "containers": {"cna": {"title": "Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp"}, {"name": "https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a", "tags": ["x_refsource_MISC"], "url": "https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a"}], "affected": [{"vendor": "YesWiki", "product": "yeswiki", "versions": [{"version": "< 4.5.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-04-29T20:41:01.879Z"}, "descriptions": [{"lang": "en", "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4."}], "source": {"advisory": "GHSA-ggqx-43h2-55jp", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-30T13:18:25.113499Z", "id": "CVE-2025-46550", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-30T13:18:28.094Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4."}, {"lang": "es", "value": "YesWiki es un sistema wiki escrito en PHP. Antes de la versi\u00f3n 4.5.4, el endpoint `/?BazaR` y el par\u00e1metro `idformulaire` eran vulnerables a ataques de cross-site scripting. Un atacante puede usar un ataque de cross-site scripting reflejado para robar cookies de un usuario autenticado al hacer que haga clic en un enlace malicioso. Las cookies robadas permiten al atacante controlar la sesi\u00f3n del usuario. Esta vulnerabilidad tambi\u00e9n puede permitir a los atacantes desfigurar el sitio web o incrustar contenido malicioso. Este problema se ha corregido en la versi\u00f3n 4.5.4."}], "id": "CVE-2025-46550", "lastModified": "2025-04-30T14:15:30.170", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-04-29T21:15:52.467", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a"}, {"source": "security-advisories@github.com", "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}