5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-46549

GHSA ID

GHSA-r9gv-qffm-xw6f

EPSS Score

0.16283%

CWE

CWE-79

Published

4/29/2025

Updated

4/30/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-46549

CVE-2025-46549:
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

Summary

Vulnerable Version: Yeswiki < v4.5.4 Category: Injection CWE: 79: Improper Neutralization of Input During Web Page Generation (CWE-79) CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Vulnerable Endpoint: /?BazaR/bazariframe Vulnerable Parameter: template Payload: <script>alert(1)</script>

Details

Reflected Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

PoC

Visit the endpoint as mentioned below and see that an alert box pops up: URL with Payload: https://yeswiki.net/?BazaR/bazariframe&id=2&template=%3cscript%3ealert(1)%3c%2fscript%3e

Impact

An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content.

(GitHub Advisory)

5.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-46549

GHSA ID

GHSA-r9gv-qffm-xw6f

EPSS Score

0.16283%

CWE

CWE-79

Published

4/29/2025

Updated

4/30/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
yeswiki/yeswiki	composer	<= 4.5.3	4.5.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a reflected XSS in the 'template' parameter. The provided commit 107d43056adebaa0c731230f9fd010898e88f3f5 shows a modification in the tools/bazar/actions/BazarListeAction.php file, specifically within the formatArguments method of the BazarListeAction class. The patch introduces htmlspecialchars() to sanitize the $template variable, which is derived from user input ($_GET['template']). This directly addresses the XSS vulnerability by ensuring that any HTML characters in the 'template' parameter are encoded, preventing script injection. Therefore, the BazarListeAction::formatArguments function was the vulnerable function as it processed the unsanitized user input before the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Summ*ry **Vuln*r**l* V*rsion:** Y*swiki < v*.*.* ****t**ory:** Inj**tion ***W*: **:** Improp*r N*utr*liz*tion o* Input *urin* W** P*** **n*r*tion (*W*-**) ***VSS:** *.* (*VSS:*.*/*V:N/**:L/PR:N/UI:N/S:U/*:N/I:L/*:N) **Vuln*r**l* *n*point:** `/?*

Reasoning

T** vuln*r**ility is * r**l**t** XSS in t** 't*mpl*t*' p*r*m*t*r. T** provi*** *ommit `****************************************` s*ows * mo*i*i**tion in t** `tools/**z*r/**tions/**z*rList***tion.p*p` *il*, sp**i*i**lly wit*in t** `*orm*t*r*um*nts` m*

5.3

Basic Information

Concerned about an active attack path?

CVE-2025-46549: Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

Summary

Details

PoC

Impact

5.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-46549:
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting

Vulnerability Intelligence
Miggo AI