CVE-2025-46549
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2025-46549 is a reflected cross-site scripting (XSS) vulnerability affecting YesWiki, a PHP-based wiki system. Prior to version 4.5.4, the software fails to adequately sanitize user input, enabling an attacker to inject malicious scripts into a webpage. An attacker can craft a malicious link and trick an authenticated user into clicking it; the injected script can then steal the user's cookies and hijack their session. The flaw can also be exploited to deface the website or embed malicious content. Users should upgrade to version 4.5.4 to mitigate the risk.
Affected Products
- YesWiki