CVE-2025-46549

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-46549

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-46549.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-46549

Aliases

GHSA-r9gv-qffm-xw6f

Related

GHSA-r9gv-qffm-xw6f

Published

2025-04-29T21:15:52Z

Modified

2025-05-17T14:25:36.681751Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.

References

Affected packages

Git / github.com/yeswiki/yeswiki

Affected ranges

Type: GIT
Repo: https://github.com/yeswiki/yeswiki
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

107d43056adebaa0c731230f9fd010898e88f3f5

Affected versions

v4.*

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.2.0

v4.2.1

v4.2.2

v4.2.3

v4.2.4

v4.3.0

v4.3.1

v4.4.0

v4.4.1

v4.4.2

v4.4.3

v4.5.1

v4.5.2

v4.5.3