Stored XSS in YesWiki Wiki System Allows Malicious Data Access
CVE-2025-24018
Key Information:
- Vendor: Yeswiki
- Status: Yeswiki (vendor)
- CVE Published: 21 January 2025
Summary
YesWiki, a PHP-based wiki system, is vulnerable to a stored XSS attack in versions 4.4.5 and earlier. Authenticated users with rights to edit or comment can exploit the 'attach' component, which allows the upload and attachment of files to wiki pages. If a non-existent file is attached, the server improperly generates an upload button revealing the filename, which can be manipulated to execute malicious scripts. This vulnerability potentially allows attackers to compromise user accounts and modify content, as well as to exfiltrate sensitive user data, thereby affecting the integrity, availability, and confidentiality of the YesWiki instance. Users are advised to upgrade to version 4.5.0 or later, where this issue has been addressed.
Affected Version(s)
yeswiki < 4.5.0
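To make the summary concrete from a defender's side, here is an added illustration (not YesWiki's code; the function names and markup are hypothetical) of the pattern behind this class of bug: an attachment name echoed into the generated upload button without output encoding, beside a hardened version that encodes for the HTML and URL contexts and validates the name up front.

```php
<?php
// Added illustration, not YesWiki's code: a hypothetical helper that renders
// the "upload" button shown when an attached file does not exist yet.

// Vulnerable pattern: the user-controlled attachment name is interpolated
// into HTML as-is, so markup inside the name reaches the browser intact.
function render_upload_button_unsafe(string $filename): string
{
    return '<a href="?action=upload&file=' . $filename . '">Upload ' . $filename . '</a>';
}

// Hardened pattern: encode the name for the context it lands in. The copy
// placed in the query string is URL-encoded; the copy shown as text is
// HTML-encoded with quotes escaped so it cannot break out of an attribute.
function render_upload_button_safe(string $filename): string
{
    $query = rawurlencode($filename);
    $text  = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="?action=upload&amp;file=' . $query . '">Upload ' . $text . '</a>';
}

// Defence in depth: reject attachment names that are not plain filenames
// before they reach any template. The allow-list is a constructed example
// policy (letters, digits, dot, underscore, dash; no leading dot).
function is_acceptable_attachment_name(string $filename): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,127}\z/', $filename);
}

// Constructed sample input for a regression test: a name that carries markup.
$sample = 'notes"><b>x</b>.pdf';

echo 'accepted by validator: ', var_export(is_acceptable_attachment_name($sample), true), PHP_EOL;
echo 'unsafe rendering:  ', render_upload_button_unsafe($sample), PHP_EOL;
echo 'safe rendering:    ', render_upload_button_safe($sample), PHP_EOL;
```

Running it shows the markup surviving verbatim in the unsafe output and being rendered inert in the safe one, which is the property a fix for this advisory should be tested against.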