CVE-2025-46549

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Apr 29, 2025
Updated: May 9, 2025
CWE ID 79

Summary

CVE-2025-46549 is a reflected cross-site scripting (XSS) vulnerability affecting YesWiki, a PHP-based wiki system. Prior to version 4.5.4, the software fails to adequately sanitize user input, enabling an attacker to inject malicious scripts into a webpage. An attacker can create a malicious link and trick an authenticated user into clicking it, which allows the attacker to steal the user's cookies and hijack their session. The flaw can also be exploited to deface the website or embed malicious content. Users should upgrade to version 4.5.4 to mitigate the risk.
