CVE-2025-24017

CVSS 3.1 Score 7.6 of 10 (high)

Details

Published Jan 21, 2025

CWE ID 79

Summary

CVE-2025-24017 is a DOM-based XSS vulnerability affecting YesWiki, a PHP-based wiki system. Versions up to 4.4.5 are susceptible to this issue, which can be exploited by any user creating a malicious link. The flaw lies in the search by tag feature, where tags that do not exist are not properly sanitized on the server side. This allows a malicious user to generate a link that triggers XSS when clicked, leading to account takeover, page modification, comment manipulation, permission adjustment, and data extraction (including emails). These attacks pose risks to the YesWiki instance's integrity, availability, and confidentiality. Version 4.5.0 includes a patch to resolve this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Yeswiki

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners