CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

April 29, 2025

CVE ID : CVE-2025-46349

Published : April 29, 2025, 6:15 p.m. | 52 minutes ago

Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46350 – YesWiki Reflected Cross-Site Scripting Vulnerability

Next Article CVE-2025-46347 – YesWiki Remote Code Execution Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

EA cancels Titanfall incubation project, lays off staff at Apex Legends and Star Wars Jedi developer Respawn Entertainment

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

The Game Pass hit STALKER 2 just got a huge Xbox award, and I can’t think of a game more deserving

Solution Highlight – Oracle Revenue Management / SSP – Part 1

Solution Highlight – Oracle Revenue Management / SSP – Part 1

Community News: Latest PECL Releases (04.29.2025)

Using Sitecore Connect and OpenAI: A Practical Example for Page Metadata Enhancement

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

EA cancels Titanfall incubation project, lays off staff at Apex Legends and Star Wars Jedi developer Respawn Entertainment

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

Rancher Releases Patch for CVE-2024-22031 Privilege Escalation Vulnerability

High-Severity DoS Vulnerability Found in PowerDNS DNSdist (CVE-2025-30194)

Converting Laravel Models to JSON for API Responses

Apple WWDC Keynote: iOS 18, iPad OS 18 and macOS Sequoia Coming In Fall

Developments in Family of Claude Models by Anthropic AI: A Comprehensive Review

Distribution Release: TrueNAS 25.04.0

Apple iOS 18.3.1 may finally patch this horrendous Apple Intelligence notification mistake

The murky world of password leaks â€“ and how to check if youâ€™ve been hit

The Best Practices for Managing Your Client’s WordPress Sites

CMU Researchers Propose XGrammar: An Open-Source Library for Efficient, Flexible, and Portable Structured Generation

CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

Related Posts