ghsa-r9gv-qffm-xw6f
Vulnerability from github
Published: 2025-04-29 14:35
Modified: 2025-04-29 14:35
Summary: Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
Details

Summary

  • Vulnerable Version: Yeswiki < v4.5.4
  • Category: Injection
  • CWE: 79: Improper Neutralization of Input During Web Page Generation (CWE-79)
  • CVSS: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
  • Vulnerable Endpoint: /?BazaR/bazariframe
  • Vulnerable Parameter: template
  • Payload: <script>alert(1)</script>

Details

Reflected Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

PoC

  1. Visit the endpoint below and see that an alert box pops up:

     URL with Payload: https://yeswiki.net/?BazaR/bazariframe&id=2&template=%3cscript%3ealert(1)%3c%2fscript%3e

Impact

An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content.
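
A log check for this advisory's endpoint and parameter, added here as an example and not part of the advisory or the YesWiki code base: it flags requests to BazaR/bazariframe whose template value decodes, including through repeated percent-encoding, to HTML metacharacters. The combined log format, the case-insensitive route match, and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "bazar/bazariframe"    # from the advisory; matched case-insensitively (assumption)
PARAM = "template"                # from the advisory
MARKUP = re.compile("[<>\"'`]")   # characters a template name should never need
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed combined log format

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %253c is treated like %3c."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_template(target):
    """Return the decoded template value if it carries markup on the endpoint, else None."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    # The route is a bare first query component; parse_qs keeps it as a key with an empty value.
    if not any(key.lower() == ENDPOINT for key in params):
        return None
    for raw in params.get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = suspicious_template(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample lines: documentation IP range, hypothetical page and template names.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Apr/2025:14:40:01 +0000] "GET /?BazaR/bazariframe&id=2&template=%3cscript%3ealert(1)%3c%2fscript%3e HTTP/1.1" 200 5120',
    '203.0.113.8 - - [29/Apr/2025:14:41:10 +0000] "GET /?BazaR/bazariframe&id=2&template=entry-list.tpl.html HTTP/1.1" 200 4800',
    '203.0.113.9 - - [29/Apr/2025:14:42:33 +0000] "GET /?BazaR/bazariframe&id=2&template=%253cscript%253e HTTP/1.1" 200 4100',
    '203.0.113.10 - - [29/Apr/2025:14:43:02 +0000] "GET /?SomePage&template=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: template={value!r}")
```

A hit shows only that markup was sent to the parameter; whether it was reflected depends on the installed version, which the record below gives as fixed in 4.5.4.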



{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.5.3"
      },
      "package": {
        "ecosystem": "Packagist",
        "name": "yeswiki/yeswiki"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-46549"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-29T14:35:20Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n**Vulnerable Version:** Yeswiki  \u003c v4.5.4\n**Category:** Injection\n**CWE: 79:** Improper Neutralization of Input During Web Page Generation (CWE-79)\n**CVSS:** 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n**Vulnerable Endpoint:** `/?BazaR/bazariframe`\n**Vulnerable Parameter:** `template`\n**Payload:** `\u003cscript\u003ealert(1)\u003c/script\u003e`\n\n### Details\nReflected Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.\n\n### PoC\n1. Visit the endpoint as mentioned below and see that an alert box pops up:\n   **URL with Payload:** `https://yeswiki.net/?BazaR/bazariframe\u0026id=2\u0026template=%3cscript%3ealert(1)%3c%2fscript%3e`\n\n### Impact\nAn attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content.",
  "id": "GHSA-r9gv-qffm-xw6f",
  "modified": "2025-04-29T14:35:20Z",
  "published": "2025-04-29T14:35:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/YesWiki/yeswiki/commit/107d43056adebaa0c731230f9fd010898e88f3f5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/YesWiki/yeswiki"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting"
}

