
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-5724-X3RH-5QQQ: CVE-2025-46349: Reflected Cross-Site Scripting in YesWiki File Upload


Vulnerability ID: GHSA-5724-X3RH-5QQQ
CVSS Score: 7.6
Published: 2026-04-01

YesWiki versions prior to 4.5.4 contain multiple Reflected Cross-Site Scripting (XSS) vulnerabilities due to improper neutralization of user-supplied input. An unauthenticated attacker can execute arbitrary JavaScript in a victim's session by crafting a malicious URL containing a payload within the file parameter.

TL;DR

A reflected XSS flaw in YesWiki's file upload and group management features allows unauthenticated attackers to execute JavaScript via a crafted link. Upgrading to version 4.5.4 remediates the vulnerability.


⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-79
  • Attack Vector: Network
  • CVSS Score: 7.6 (High)
  • EPSS Score: 0.00542
  • Impact: Session Hijacking, Arbitrary Action Execution
  • Exploit Status: PoC Available
  • KEV Status: Not Listed

Affected Systems

  • YesWiki prior to version 4.5.4
  • yeswiki/yeswiki: < 4.5.4 (Fixed in: 4.5.4)

Code Analysis

Commit: 0dac9e2

Primary fix for file upload Reflected XSS

Commit: 6894234

Initial fix for group management XSS

Exploit Details

  • Vulnerability Analysis: Demonstrates exploitation by targeting the /?PagePrincipale/upload path with a crafted file parameter containing tags.

Mitigation Strategies

  • Update YesWiki to version 4.5.4 or later.
  • Deploy a Web Application Firewall (WAF) to filter malicious XSS payloads in query parameters.
  • Enforce Content Security Policy (CSP) headers to restrict inline script execution.

Remediation Steps:

  1. Download the YesWiki 4.5.4 release from the official repository.
  2. Back up the existing YesWiki installation and database structures.
  3. Apply the update by replacing the core files, explicitly verifying that tools/attach/libs/attach.lib.php and actions/EditGroupsAction.php are updated.
  4. Verify the integrity of the updated files and continuously monitor web server access logs for anomalous parameter queries.

References

  • GitHub Security Advisory GHSA-5724-X3RH-5QQQ: https://github.com/advisories/GHSA-5724-X3RH-5QQQ
  • NVD Vulnerability Detail CVE-2025-46349: https://nvd.nist.gov/vuln/detail/CVE-2025-46349
  • Fix Commit (Attach Module): https://github.com/YesWiki/yeswiki/commit/0dac9e2fb2a5e69f13a3c9f761ecae6ed9676206
  • Fix Commit (Groups Module): https://github.com/YesWiki/yeswiki/commit/6894234bbde6ab168bf4253f9a581bd24bf53766

Read the full report for GHSA-5724-X3RH-5QQQ on our website (https://cvereports.com/reports/GHSA-5724-X3RH-5QQQ) for more details including interactive diagrams and full exploit analysis.
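Remediation step 4 above calls for monitoring web server access logs for anomalous parameter queries. The following Python script is an added example, not part of the CVE report or of YesWiki itself: it parses combined-format access log lines and flags requests to the upload path whose file parameter decodes to something other than a plain filename. The sample log lines and the safe-filename allow-list are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
# The second request carries markup in the file parameter, the pattern the
# advisory describes for the upload endpoint.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Apr/2026:10:00:01 +0000] "GET /?PagePrincipale/upload&file=report.pdf HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Apr/2026:10:00:02 +0000] "GET /?PagePrincipale/upload&file=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.12 - - [01/Apr/2026:10:00:03 +0000] "GET /?PagePrincipale HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Fields of a combined-log line that matter here: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Assumed allow-list for a legitimate upload filename: word characters, space,
# dot, dash and parentheses. Anything else (angle brackets, quotes, ampersands,
# slashes) is treated as anomalous for this parameter.
SAFE_FILENAME = re.compile(r'^[\w .\-()]+$')


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_file_params(log_text: str):
    """Flag requests to the YesWiki upload handler whose file parameter is not a plain filename."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        query = urlsplit(rec["target"]).query  # e.g. "PagePrincipale/upload&file=..."
        if "/upload" not in query:
            continue
        for value in parse_qs(query).get("file", []):
            decoded = unquote(value)  # second decode catches double-encoded values
            if not SAFE_FILENAME.match(decoded):
                findings.append({"ip": rec["ip"], "ts": rec["ts"], "file": decoded})
    return findings


if __name__ == "__main__":
    for f in suspicious_file_params(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} anomalous file parameter: {f['file']!r}")
```

Pipe a real access log into suspicious_file_params() to get one record per flagged request; tune SAFE_FILENAME to the filename conventions of the deployment before alerting on its output.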
