CVE-2025-46549
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting
Description
### Summary **Vulnerable Version:** Yeswiki < v4.5.4 **Category:** Injection **CWE: 79:** Improper Neutralization of Input During Web Page Generation (CWE-79) **CVSS:** 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) **Vulnerable Endpoint:** `/?BazaR/bazariframe` **Vulnerable Parameter:** `template` **Payload:** `<script>alert(1)</script>` ### Details Reflected Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. ### PoC 1. Visit the endpoint as mentioned below and see that an alert box pops up: **URL with Payload:** `https://yeswiki.net/?BazaR/bazariframe&id=2&template=%3cscript%3ealert(1)%3c%2fscript%3e` ### Impact An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content.
How to fix CVE-2025-46549
To remediate CVE-2025-46549, upgrade the affected package to a fixed version below.
- —upgrade to 4.5.4 or later
Is CVE-2025-46549 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 4.5.4