CVE-2025-46349
Published 2025-04-29
Priority: P3 (37) | Severity: medium | CVSS 3.1 base score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit likelihood (EPSS): 0.58% (43.4th percentile)
YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| yeswiki | yeswiki | < 4.5.4 | 4.5.4 |
| yeswiki | yeswiki | 0 – 4.5.3 | — |
OSV (2025-04-29): CVE-2025-46349 [HIGH] YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
### Summary
Reflected XSS has been detected in the file upload form. The vulnerability can be exploited without authentication.
This proof of concept was performed using the following:
- YesWiki v4.5.3 (doryphore-dev branch)
- Docker environment (docker/docker-compose.yml)
### Vulnerable code
The vulnerability is in `tools/attach/libs/attach.lib.php` ([lines 724-735 at commit 6894234](https://github.com/YesWiki/yeswiki/blob/6894234bbde6ab168bf4253f9a581bd24bf53766/tools/attach/libs/attach.lib.php#L724-L735)): `$_GET['file']` is read without validation and echoed into the page without output encoding, so any value placed in the link is rendered as HTML in the victim's browser.
```php
public function showUploadForm()
{
    // Source: unvalidated query parameter controlled by whoever crafts the link.
    $this->file = $_GET['file'];
    // Sink: the raw value is concatenated into the heading markup with no htmlspecialchars().
    // (The HTML tag and attribute names in this listing were stripped by extraction
    // and are reconstructed here; the listing is truncated in the source.)
    echo '<h2>' . _t('ATTACH_UPLOAD_FORM_FOR_FILE') . ' ' . $this->file . "</h2>\n";
    echo '<form enctype="multipart/form-data" method="post" action="' . $this->wiki->href('upload', $this->wiki->GetPageTag()) . "\">\n"
        . '    <input type="hidden" name="wiki" value="' . $this->wiki->GetPageTag() . "/upload\" />\n"
        . '    <input type="hidden" name="MAX_FILE_SIZE" value="' . $this->attachConfig[
```
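To make the sink and its fix concrete, the following is an added example, not YesWiki's code and not the change shipped in 4.5.4 (this page does not show the patch itself). It reproduces the vulnerable concatenation from `showUploadForm()` as a free function, places a hardened version beside it that encodes the value for the HTML context it lands in, and adds a separate allowlist check of the kind a controller would apply before the template is reached. The function names, the literal heading text standing in for `_t('ATTACH_UPLOAD_FORM_FOR_FILE')`, and the sample inputs are all constructed here.

```php
<?php
// Added example, not YesWiki code and not the 4.5.4 patch: the unescaped sink
// from showUploadForm() beside a hardened version. All names below are constructed.

// Vulnerable pattern, as in the advisory: the query parameter is concatenated
// straight into the page, so anything the attacker puts in the link is rendered as HTML.
function renderUploadHeadingVulnerable(array $get): string
{
    $file = $get['file'] ?? '';
    return '<h2>Upload form for file ' . $file . "</h2>\n";
}

// Hardened pattern: encode on output for the HTML text context. This is the
// actual XSS fix; ENT_QUOTES also covers attribute contexts should the same
// value ever be written inside a quoted attribute.
function renderUploadHeadingHardened(array $get): string
{
    $file = (string) ($get['file'] ?? '');
    $safe = htmlspecialchars($file, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h2>Upload form for file ' . $safe . "</h2>\n";
}

// Defence in depth at the input boundary: an attachment name is a single path
// segment with a conservative character set and bounded length. Validation
// narrows what reaches the template; it does not replace output encoding.
function isPlausibleAttachmentName(string $file): bool
{
    return $file !== ''
        && $file === basename($file)
        && preg_match('/^[A-Za-z0-9._-]{1,255}$/', $file) === 1;
}

// Constructed inputs: a normal name, an ampersand that must become &amp;,
// the classic script payload, and an attribute-breakout attempt.
$samples = [
    'report.pdf',
    'notes&todo.txt',
    '<script>alert(document.cookie)</script>',
    '"><img src=x onerror=alert(1)>',
];

foreach ($samples as $s) {
    $get = ['file' => $s];
    $hardened = renderUploadHeadingHardened($get);
    echo "input:      {$s}\n";
    echo 'vulnerable: ' . renderUploadHeadingVulnerable($get);
    echo 'hardened:   ' . $hardened;
    echo 'allowlist:  ' . (isPlausibleAttachmentName($s) ? 'accepted' : 'rejected') . "\n\n";

    // Self-check: between the <h2> tags, the encoded output must contain no raw
    // HTML metacharacters, whatever the input was.
    $body = substr($hardened, strlen('<h2>'), -strlen("</h2>\n"));
    if (strpbrk($body, '<>"\'') !== false) {
        throw new RuntimeException("escaping failed for input: {$s}");
    }
}
```

Run it with `php example.php`. The vulnerable line reproduces the advisory's behaviour (the script payload comes back intact), the hardened line shows the same payload neutralised as `&lt;script&gt;...`, and the allowlist column shows that only `report.pdf` would have been accepted upstream. The order matters: encoding is what closes CWE-79, while the allowlist is an extra control that also keeps junk out of logs and filesystem paths.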
GHSA (2025-04-29): CVE-2025-46349 [HIGH] CWE-79 YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting (same advisory text as the OSV entry above)
No detection rules found.
Nuclei (CVSS 6.1): CVE-2025-46349 [MEDIUM] YesWiki Reflected XSS via File Upload
Template:
```yaml
id: CVE-2025-46349
info:
  name: YesWiki Reflected XSS via File Upload
  author: Mahmoud Gamal
  severity: high
  description: |
    YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in ve
```
No writeups or analysis indexed.