Look up vulnerable packages by Package URL.

Purl pkg:composer/yeswiki/yeswiki@4.4.5
Type composer
Namespace yeswiki
Name yeswiki
Version 4.4.5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.6.1
Latest_non_vulnerable_version 4.6.4
Affected_by_vulnerabilities
0
url VCID-1rgx-642j-6bez
vulnerability_id VCID-1rgx-642j-6bez
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46349
reference_id
reference_type
scores
0
value 0.00334
scoring_system epss
scoring_elements 0.56729
published_at 2026-06-12T12:55:00Z
1
value 0.00334
scoring_system epss
scoring_elements 0.56733
published_at 2026-06-14T12:55:00Z
2
value 0.00334
scoring_system epss
scoring_elements 0.56744
published_at 2026-06-13T12:55:00Z
3
value 0.00358
scoring_system epss
scoring_elements 0.58414
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46349
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://github.com/YesWiki/yeswiki/blob/6894234bbde6ab168bf4253f9a581bd24bf53766/tools/attach/libs/attach.lib.php#L724-L735
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki/blob/6894234bbde6ab168bf4253f9a581bd24bf53766/tools/attach/libs/attach.lib.php#L724-L735
3
reference_url https://github.com/YesWiki/yeswiki/commit/0dac9e2fb2a5e69f13a3c9f761ecae6ed9676206
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki/commit/0dac9e2fb2a5e69f13a3c9f761ecae6ed9676206
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46349
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46349
5
reference_url https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524
reference_id 6edde40eb7eeb5d60619ac4d1e0a0422d92e9524
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:01:18Z/
url https://github.com/YesWiki/yeswiki/pull/1264/commits/6edde40eb7eeb5d60619ac4d1e0a0422d92e9524
6
reference_url https://github.com/advisories/GHSA-2f8p-qqx2-gwr2
reference_id GHSA-2f8p-qqx2-gwr2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2f8p-qqx2-gwr2
7
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2
reference_id GHSA-2f8p-qqx2-gwr2
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:01:18Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-2f8p-qqx2-gwr2
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46349, GHSA-2f8p-qqx2-gwr2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1rgx-642j-6bez
1
url VCID-314j-emdm-t7bh
vulnerability_id VCID-314j-emdm-t7bh
summary Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52277
reference_id
reference_type
scores
0
value 0.00156
scoring_system epss
scoring_elements 0.36395
published_at 2026-06-12T12:55:00Z
1
value 0.00156
scoring_system epss
scoring_elements 0.36408
published_at 2026-06-14T12:55:00Z
2
value 0.00156
scoring_system epss
scoring_elements 0.36215
published_at 2026-06-11T12:55:00Z
3
value 0.00156
scoring_system epss
scoring_elements 0.36419
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52277
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52277
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52277
3
reference_url https://github.com/nakkouchtarek/CVE/tree/main/CVE-2025-52277
reference_id CVE-2025-52277
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T13:40:11Z/
url https://github.com/nakkouchtarek/CVE/tree/main/CVE-2025-52277
4
reference_url https://github.com/advisories/GHSA-29cj-cxw4-v4j2
reference_id GHSA-29cj-cxw4-v4j2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-29cj-cxw4-v4j2
5
reference_url http://yeswiki.com
reference_id yeswiki.com
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T13:40:11Z/
url http://yeswiki.com
fixed_packages
aliases CVE-2025-52277, GHSA-29cj-cxw4-v4j2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-314j-emdm-t7bh
2
url VCID-6e7h-385p-zbak
vulnerability_id VCID-6e7h-385p-zbak
summary YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data['id_fiche'] value (sourced from $_POST['id_fiche']) is concatenated directly into a raw SQL query without any sanitization or parameterization. This issue has been patched in version 4.6.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41143
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02842
published_at 2026-06-13T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02853
published_at 2026-06-14T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02849
published_at 2026-06-11T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02858
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41143
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41143
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41143
3
reference_url https://github.com/advisories/GHSA-f58v-p6j9-24c2
reference_id GHSA-f58v-p6j9-24c2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f58v-p6j9-24c2
4
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-f58v-p6j9-24c2
reference_id GHSA-f58v-p6j9-24c2
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T13:41:41Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-f58v-p6j9-24c2
5
reference_url https://github.com/YesWiki/yeswiki/releases/tag/v4.6.1
reference_id v4.6.1
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-05-07T13:41:41Z/
url https://github.com/YesWiki/yeswiki/releases/tag/v4.6.1
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.6.1
purl pkg:composer/yeswiki/yeswiki@4.6.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.6.1
aliases CVE-2026-41143, GHSA-f58v-p6j9-24c2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e7h-385p-zbak
3
url VCID-7pet-xetc-6khc
vulnerability_id VCID-7pet-xetc-6khc
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or downloading the archive, which contains sensitive site information. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46348
reference_id
reference_type
scores
0
value 0.00626
scoring_system epss
scoring_elements 0.70794
published_at 2026-06-13T12:55:00Z
1
value 0.00626
scoring_system epss
scoring_elements 0.70791
published_at 2026-06-14T12:55:00Z
2
value 0.00626
scoring_system epss
scoring_elements 0.70691
published_at 2026-06-11T12:55:00Z
3
value 0.00626
scoring_system epss
scoring_elements 0.70781
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46348
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46348
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46348
3
reference_url https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
reference_id 0d4efc880a727599fa4f6d7a64cc967afe475530
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-30T13:19:31Z/
url https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
4
reference_url https://github.com/advisories/GHSA-wc9g-6j9w-hr95
reference_id GHSA-wc9g-6j9w-hr95
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wc9g-6j9w-hr95
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95
reference_id GHSA-wc9g-6j9w-hr95
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-30T13:19:31Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wc9g-6j9w-hr95
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46348, GHSA-wc9g-6j9w-hr95
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7pet-xetc-6khc
4
url VCID-7w5f-cxmw-4kds
vulnerability_id VCID-7w5f-cxmw-4kds
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the application fails to properly sanitize or encode user input submitted to the comments. Notably, the application sanitizes or does not allow execution of `<script>` tags, but does not account for payloads obfuscated using JavaScript block comments like `/* JavaScriptPayload */`. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46346
reference_id
reference_type
scores
0
value 0.0054
scoring_system epss
scoring_elements 0.68169
published_at 2026-06-14T12:55:00Z
1
value 0.0054
scoring_system epss
scoring_elements 0.68159
published_at 2026-06-12T12:55:00Z
2
value 0.0054
scoring_system epss
scoring_elements 0.68172
published_at 2026-06-13T12:55:00Z
3
value 0.0054
scoring_system epss
scoring_elements 0.68071
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46346
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46346
reference_id
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46346
3
reference_url https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
reference_id 0d4efc880a727599fa4f6d7a64cc967afe475530
reference_type
scores
0
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T17:47:34Z/
url https://github.com/YesWiki/yeswiki/commit/0d4efc880a727599fa4f6d7a64cc967afe475530
4
reference_url https://github.com/advisories/GHSA-59x8-cvxh-3mm4
reference_id GHSA-59x8-cvxh-3mm4
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-59x8-cvxh-3mm4
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-59x8-cvxh-3mm4
reference_id GHSA-59x8-cvxh-3mm4
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T17:47:34Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-59x8-cvxh-3mm4
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46346, GHSA-59x8-cvxh-3mm4
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7w5f-cxmw-4kds
5
url VCID-9tv8-d43r-dyae
vulnerability_id VCID-9tv8-d43r-dyae
summary YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-31131
reference_id
reference_type
scores
0
value 0.12044
scoring_system epss
scoring_elements 0.93972
published_at 2026-06-14T12:55:00Z
1
value 0.12044
scoring_system epss
scoring_elements 0.93966
published_at 2026-06-12T12:55:00Z
2
value 0.12044
scoring_system epss
scoring_elements 0.93971
published_at 2026-06-13T12:55:00Z
3
value 0.12044
scoring_system epss
scoring_elements 0.93946
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-31131
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-31131
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-31131
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52135.txt
reference_id CVE-2025-31131
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52135.txt
4
reference_url https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989
reference_id f78c915369a60c74ab8f38561ae93a4aaca9b989
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T16:09:50Z/
url https://github.com/YesWiki/yeswiki/commit/f78c915369a60c74ab8f38561ae93a4aaca9b989
5
reference_url https://github.com/advisories/GHSA-w34w-fvp3-68xm
reference_id GHSA-w34w-fvp3-68xm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w34w-fvp3-68xm
6
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm
reference_id GHSA-w34w-fvp3-68xm
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-01T16:09:50Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w34w-fvp3-68xm
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.2
purl pkg:composer/yeswiki/yeswiki@4.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgx-642j-6bez
1
vulnerability VCID-314j-emdm-t7bh
2
vulnerability VCID-6e7h-385p-zbak
3
vulnerability VCID-7pet-xetc-6khc
4
vulnerability VCID-7w5f-cxmw-4kds
5
vulnerability VCID-a23f-j6q6-jkfm
6
vulnerability VCID-g1rj-vehc-3qe2
7
vulnerability VCID-hf5e-5b9a-ykdd
8
vulnerability VCID-nuap-ea2h-efdd
9
vulnerability VCID-rusk-knae-fkae
10
vulnerability VCID-xw5r-q3tj-7kbc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.2
aliases CVE-2025-31131, GHSA-w34w-fvp3-68xm
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9tv8-d43r-dyae
6
url VCID-a23f-j6q6-jkfm
vulnerability_id VCID-a23f-j6q6-jkfm
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46549
reference_id
reference_type
scores
0
value 0.00576
scoring_system epss
scoring_elements 0.6937
published_at 2026-06-13T12:55:00Z
1
value 0.00576
scoring_system epss
scoring_elements 0.69367
published_at 2026-06-14T12:55:00Z
2
value 0.00781
scoring_system epss
scoring_elements 0.74225
published_at 2026-06-12T12:55:00Z
3
value 0.01472
scoring_system epss
scoring_elements 0.81357
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46549
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46549
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46549
3
reference_url https://github.com/YesWiki/yeswiki/commit/107d43056adebaa0c731230f9fd010898e88f3f5
reference_id 107d43056adebaa0c731230f9fd010898e88f3f5
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:19:00Z/
url https://github.com/YesWiki/yeswiki/commit/107d43056adebaa0c731230f9fd010898e88f3f5
4
reference_url https://github.com/advisories/GHSA-r9gv-qffm-xw6f
reference_id GHSA-r9gv-qffm-xw6f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r9gv-qffm-xw6f
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f
reference_id GHSA-r9gv-qffm-xw6f
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:19:00Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46549, GHSA-r9gv-qffm-xw6f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a23f-j6q6-jkfm
7
url VCID-g1rj-vehc-3qe2
vulnerability_id VCID-g1rj-vehc-3qe2
summary
YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities
### Summary

Multiple **reflected Cross-site Scripting (XSS)** vulnerabilities across both **authenticated and unauthenticated** portions of the application. These findings present a significant security risk, as they can be leveraged to execute arbitrary JavaScript in a victim’s browser under various contexts.

## Impact and Exploitation

While XSS is often treated as a standalone issue, these vulnerabilities have broader implications. Specifically, they can be used as **launch points to exploit other significant vulnerabilities**. 

Proof of concept links follow. All testing was performed on my local docker setup running the latest version of the application.

## Proof of Concepts

## Authenticated Reflected XSS

```
http://localhost:8085/?ElizabethJFeinler/deletepage&incomingurl=%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3E
```

```
http://localhost:8085/?BazaR&vue=saisir&action=saisir_fiche&id=%3Cscript%3Ealert(1)%3C%2fscript%3E
```

```
http://localhost:8085/?GererThemes/upload&file=%3Cscript%3Ealert(1)%3C/script%3E
```

## Unauthenticated Reflected XSS


```
http://localhost:8085/?PagePrincipale/listpages&tags=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
```

In this one, most of the parameters can be used to deliver an XSS payload, not just the template parameter. 

```
http://localhost:8085/?BazaR/bazariframe&id=2&template=<script>alert(1)</script>&width=100%25&height=600px&lat=46.22763&lon=2.213749&markersize=big&provider=MapBox&zoom=5&groups=&titles=&groupsexpanded=false
```

### Impact

The reflected XSS vulnerabilities identified pose a significant risk to both application integrity and user safety. When combined with other issues discovered, such as insecure endpoints or improper authentication mechanisms, these XSS flaws can be leveraged to escalate access, hijack sessions, and in some cases, achieve remote code execution (RCE). For example, malicious JavaScript executed via XSS could be used to trigger authenticated requests that exploit backend vulnerabilities, ultimately allowing an attacker to execute arbitrary commands on the server or pivot deeper into the environment.

### Mitigation
Update to version 4.6.0
references
0
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
1
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-5724-x3rh-5qqq
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-5724-x3rh-5qqq
2
reference_url https://github.com/advisories/GHSA-5724-x3rh-5qqq
reference_id GHSA-5724-x3rh-5qqq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5724-x3rh-5qqq
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.6.0
purl pkg:composer/yeswiki/yeswiki@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6e7h-385p-zbak
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.6.0
aliases GHSA-5724-x3rh-5qqq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1rj-vehc-3qe2
8
url VCID-hf5e-5b9a-ykdd
vulnerability_id VCID-hf5e-5b9a-ykdd
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46350
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52729
published_at 2026-06-13T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.52711
published_at 2026-06-14T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52714
published_at 2026-06-12T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.52586
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46350
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46350
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46350
3
reference_url https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9
reference_id e2603176a4607b83659635a0c517550d4a171cb9
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:00:32Z/
url https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9
4
reference_url https://github.com/advisories/GHSA-cg4f-cq8h-3ch8
reference_id GHSA-cg4f-cq8h-3ch8
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg4f-cq8h-3ch8
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8
reference_id GHSA-cg4f-cq8h-3ch8
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:00:32Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46350, GHSA-cg4f-cq8h-3ch8
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hf5e-5b9a-ykdd
9
url VCID-ndxg-jpam-u7cv
vulnerability_id VCID-ndxg-jpam-u7cv
summary YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content editing feature and more specifically of the `{{attach}}` component, which allows users to attach files/media to a page. When a file is attached using the `{{attach}}` component, if the resource contained in the `file` attribute doesn't exist, then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to steal accounts and therefore modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24018
reference_id
reference_type
scores
0
value 0.00203
scoring_system epss
scoring_elements 0.42375
published_at 2026-06-11T12:55:00Z
1
value 0.00276
scoring_system epss
scoring_elements 0.51472
published_at 2026-06-14T12:55:00Z
2
value 0.00276
scoring_system epss
scoring_elements 0.51471
published_at 2026-06-12T12:55:00Z
3
value 0.00276
scoring_system epss
scoring_elements 0.51485
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24018
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24018
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24018
3
reference_url https://github.com/YesWiki/yeswiki/blob/v4.4.5/tools/attach/libs/attach.lib.php#L660
reference_id attach.lib.php#L660
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:15:18Z/
url https://github.com/YesWiki/yeswiki/blob/v4.4.5/tools/attach/libs/attach.lib.php#L660
4
reference_url https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b
reference_id c1e28b59394957902c31c850219e4504a20db98b
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:15:18Z/
url https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b
5
reference_url https://github.com/advisories/GHSA-w59h-3x3q-3p6j
reference_id GHSA-w59h-3x3q-3p6j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w59h-3x3q-3p6j
6
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w59h-3x3q-3p6j
reference_id GHSA-w59h-3x3q-3p6j
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T17:15:18Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w59h-3x3q-3p6j
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.0
purl pkg:composer/yeswiki/yeswiki@4.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgx-642j-6bez
1
vulnerability VCID-314j-emdm-t7bh
2
vulnerability VCID-6e7h-385p-zbak
3
vulnerability VCID-7pet-xetc-6khc
4
vulnerability VCID-7w5f-cxmw-4kds
5
vulnerability VCID-9tv8-d43r-dyae
6
vulnerability VCID-a23f-j6q6-jkfm
7
vulnerability VCID-g1rj-vehc-3qe2
8
vulnerability VCID-hf5e-5b9a-ykdd
9
vulnerability VCID-nuap-ea2h-efdd
10
vulnerability VCID-rusk-knae-fkae
11
vulnerability VCID-xw5r-q3tj-7kbc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.0
aliases CVE-2025-24018, GHSA-w59h-3x3q-3p6j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ndxg-jpam-u7cv
10
url VCID-nuap-ea2h-efdd
vulnerability_id VCID-nuap-ea2h-efdd
summary YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. This issue has been patched in version 4.6.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34598
reference_id
reference_type
scores
0
value 0.0007
scoring_system epss
scoring_elements 0.21841
published_at 2026-06-12T12:55:00Z
1
value 0.0007
scoring_system epss
scoring_elements 0.21827
published_at 2026-06-14T12:55:00Z
2
value 0.0007
scoring_system epss
scoring_elements 0.21653
published_at 2026-06-11T12:55:00Z
3
value 0.0007
scoring_system epss
scoring_elements 0.21853
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34598
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34598
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34598
3
reference_url https://github.com/advisories/GHSA-37fq-47qj-6j5j
reference_id GHSA-37fq-47qj-6j5j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-37fq-47qj-6j5j
4
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-37fq-47qj-6j5j
reference_id GHSA-37fq-47qj-6j5j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T19:09:35Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-37fq-47qj-6j5j
5
reference_url https://github.com/YesWiki/yeswiki/releases/tag/v4.6.0
reference_id v4.6.0
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-02T19:09:35Z/
url https://github.com/YesWiki/yeswiki/releases/tag/v4.6.0
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.6.0
purl pkg:composer/yeswiki/yeswiki@4.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6e7h-385p-zbak
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.6.0
aliases CVE-2026-34598, GHSA-37fq-47qj-6j5j
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuap-ea2h-efdd
11
url VCID-phmm-d13t-fyb1
vulnerability_id VCID-phmm-d13t-fyb1
summary YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager, to delete any file owned by the user running the FastCGI Process Manager (FPM) on the host without any limitation on the filesystem's scope. This vulnerability allows any authenticated user to arbitrarily remove content from the Wiki, resulting in partial loss of data and defacement/deterioration of the website. In the context of a container installation of YesWiki without any modification, the `yeswiki` files (for example .php) are not owned by the same user (root) as the one running the FPM process (www-data). However, in a standard installation, www-data may also be the owner of the PHP files, allowing a malicious user to completely cut off access to the wiki by deleting all important PHP files (like index.php or core files of YesWiki). Version 4.5.0 contains a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24019
reference_id
reference_type
scores
0
value 0.00623
scoring_system epss
scoring_elements 0.70715
published_at 2026-06-14T12:55:00Z
1
value 0.00623
scoring_system epss
scoring_elements 0.70705
published_at 2026-06-12T12:55:00Z
2
value 0.00623
scoring_system epss
scoring_elements 0.70718
published_at 2026-06-13T12:55:00Z
3
value 0.00623
scoring_system epss
scoring_elements 0.70615
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24019
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24019
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24019
3
reference_url https://github.com/YesWiki/yeswiki/commit/3ddd833d22703caf9025659eb174f7765df7147c
reference_id 3ddd833d22703caf9025659eb174f7765df7147c
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:57:51Z/
url https://github.com/YesWiki/yeswiki/commit/3ddd833d22703caf9025659eb174f7765df7147c
4
reference_url https://github.com/advisories/GHSA-43c9-gw4x-pcx6
reference_id GHSA-43c9-gw4x-pcx6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43c9-gw4x-pcx6
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-43c9-gw4x-pcx6
reference_id GHSA-43c9-gw4x-pcx6
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T18:57:51Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-43c9-gw4x-pcx6
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.0
purl pkg:composer/yeswiki/yeswiki@4.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgx-642j-6bez
1
vulnerability VCID-314j-emdm-t7bh
2
vulnerability VCID-6e7h-385p-zbak
3
vulnerability VCID-7pet-xetc-6khc
4
vulnerability VCID-7w5f-cxmw-4kds
5
vulnerability VCID-9tv8-d43r-dyae
6
vulnerability VCID-a23f-j6q6-jkfm
7
vulnerability VCID-g1rj-vehc-3qe2
8
vulnerability VCID-hf5e-5b9a-ykdd
9
vulnerability VCID-nuap-ea2h-efdd
10
vulnerability VCID-rusk-knae-fkae
11
vulnerability VCID-xw5r-q3tj-7kbc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.0
aliases CVE-2025-24019, GHSA-43c9-gw4x-pcx6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-phmm-d13t-fyb1
12
url VCID-pw5f-8aen-5fhj
vulnerability_id VCID-pw5f-8aen-5fhj
summary YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't exist, the tag is reflected on the page and isn't properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client's side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-24017
reference_id
reference_type
scores
0
value 0.00285
scoring_system epss
scoring_elements 0.5222
published_at 2026-06-11T12:55:00Z
1
value 0.00387
scoring_system epss
scoring_elements 0.60361
published_at 2026-06-14T12:55:00Z
2
value 0.00387
scoring_system epss
scoring_elements 0.60356
published_at 2026-06-12T12:55:00Z
3
value 0.00387
scoring_system epss
scoring_elements 0.60367
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-24017
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-24017
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-24017
3
reference_url https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b
reference_id c1e28b59394957902c31c850219e4504a20db98b
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T16:36:11Z/
url https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b
4
reference_url https://github.com/advisories/GHSA-wphc-5f2j-jhvg
reference_id GHSA-wphc-5f2j-jhvg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wphc-5f2j-jhvg
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wphc-5f2j-jhvg
reference_id GHSA-wphc-5f2j-jhvg
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-21T16:36:11Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wphc-5f2j-jhvg
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.0
purl pkg:composer/yeswiki/yeswiki@4.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgx-642j-6bez
1
vulnerability VCID-314j-emdm-t7bh
2
vulnerability VCID-6e7h-385p-zbak
3
vulnerability VCID-7pet-xetc-6khc
4
vulnerability VCID-7w5f-cxmw-4kds
5
vulnerability VCID-9tv8-d43r-dyae
6
vulnerability VCID-a23f-j6q6-jkfm
7
vulnerability VCID-g1rj-vehc-3qe2
8
vulnerability VCID-hf5e-5b9a-ykdd
9
vulnerability VCID-nuap-ea2h-efdd
10
vulnerability VCID-rusk-knae-fkae
11
vulnerability VCID-xw5r-q3tj-7kbc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.0
aliases CVE-2025-24017, GHSA-wphc-5f2j-jhvg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pw5f-8aen-5fhj
13
url VCID-rusk-knae-fkae
vulnerability_id VCID-rusk-knae-fkae
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which can then be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of the server. This could potentially be performed unwittingly by a user. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46347
reference_id
reference_type
scores
0
value 0.02401
scoring_system epss
scoring_elements 0.85455
published_at 2026-06-14T12:55:00Z
1
value 0.02401
scoring_system epss
scoring_elements 0.85454
published_at 2026-06-12T12:55:00Z
2
value 0.02401
scoring_system epss
scoring_elements 0.85463
published_at 2026-06-13T12:55:00Z
3
value 0.02401
scoring_system epss
scoring_elements 0.85402
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46347
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46347
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46347
3
reference_url https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066
reference_id 8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066
reference_type
scores
0
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
1
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:06:13Z/
url https://github.com/YesWiki/yeswiki/commit/8fe5275a78dc7e0f9c242baa3cbac6b5ac1cc066
4
reference_url https://github.com/advisories/GHSA-88xg-v53p-fpvf
reference_id GHSA-88xg-v53p-fpvf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-88xg-v53p-fpvf
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf
reference_id GHSA-88xg-v53p-fpvf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P
2
value 7.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-29T18:06:13Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-88xg-v53p-fpvf
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46347, GHSA-88xg-v53p-fpvf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rusk-knae-fkae
14
url VCID-xw5r-q3tj-7kbc
vulnerability_id VCID-xw5r-q3tj-7kbc
summary YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-46550
reference_id
reference_type
scores
0
value 0.00526
scoring_system epss
scoring_elements 0.67562
published_at 2026-06-13T12:55:00Z
1
value 0.00526
scoring_system epss
scoring_elements 0.6756
published_at 2026-06-14T12:55:00Z
2
value 0.00563
scoring_system epss
scoring_elements 0.6884
published_at 2026-06-11T12:55:00Z
3
value 0.00714
scoring_system epss
scoring_elements 0.72871
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-46550
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-46550
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-46550
3
reference_url https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a
reference_id 4e9e51d80cd024ed2ac5c12c820817e6d8c2655a
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:18:25Z/
url https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a
4
reference_url https://github.com/advisories/GHSA-ggqx-43h2-55jp
reference_id GHSA-ggqx-43h2-55jp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ggqx-43h2-55jp
5
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp
reference_id GHSA-ggqx-43h2-55jp
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T13:18:25Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.5.4
purl pkg:composer/yeswiki/yeswiki@4.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-314j-emdm-t7bh
1
vulnerability VCID-6e7h-385p-zbak
2
vulnerability VCID-g1rj-vehc-3qe2
3
vulnerability VCID-nuap-ea2h-efdd
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.5.4
aliases CVE-2025-46550, GHSA-ggqx-43h2-55jp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw5r-q3tj-7kbc
Fixing_vulnerabilities
0
url VCID-cbfr-ybpa-u3f4
vulnerability_id VCID-cbfr-ybpa-u3f4
summary YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51478
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36444
published_at 2026-06-12T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36458
published_at 2026-06-14T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36264
published_at 2026-06-11T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.3647
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51478
1
reference_url https://github.com/YesWiki/yeswiki
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/YesWiki/yeswiki
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51478
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51478
3
reference_url https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc
reference_id b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-31T16:50:17Z/
url https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc
4
reference_url https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7
reference_id e1285709f6f6a2277bd0075acf369f33cefd78f7
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-31T16:50:17Z/
url https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7
5
reference_url https://github.com/advisories/GHSA-4fvx-h823-38v3
reference_id GHSA-4fvx-h823-38v3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fvx-h823-38v3
6
reference_url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3
reference_id GHSA-4fvx-h823-38v3
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:L
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-10-31T16:50:17Z/
url https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3
fixed_packages
0
url pkg:composer/yeswiki/yeswiki@4.4.5
purl pkg:composer/yeswiki/yeswiki@4.4.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rgx-642j-6bez
1
vulnerability VCID-314j-emdm-t7bh
2
vulnerability VCID-6e7h-385p-zbak
3
vulnerability VCID-7pet-xetc-6khc
4
vulnerability VCID-7w5f-cxmw-4kds
5
vulnerability VCID-9tv8-d43r-dyae
6
vulnerability VCID-a23f-j6q6-jkfm
7
vulnerability VCID-g1rj-vehc-3qe2
8
vulnerability VCID-hf5e-5b9a-ykdd
9
vulnerability VCID-ndxg-jpam-u7cv
10
vulnerability VCID-nuap-ea2h-efdd
11
vulnerability VCID-phmm-d13t-fyb1
12
vulnerability VCID-pw5f-8aen-5fhj
13
vulnerability VCID-rusk-knae-fkae
14
vulnerability VCID-xw5r-q3tj-7kbc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.4.5
aliases CVE-2024-51478, GHSA-4fvx-h823-38v3
risk_score 4.5
exploitability 0.5
weighted_severity 8.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbfr-ybpa-u3f4
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/yeswiki/yeswiki@4.4.5