CVE-2025-46346 – YesWiki Stored Cross-Site Scripting (XSS) Vulnerability

April 29, 2025

CVE ID : CVE-2025-46346

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, a stored cross-site scripting (XSS) vulnerability was discovered in the application’s comments feature. This issue allows a malicious actor to inject JavaScript payloads that are stored and later executed in the browser of any user viewing the affected comment. The XSS occurs because the application fails to properly sanitize or encode user input submitted to the comments. Notably, the application sanitizes or does not allow execution of `

Source: Read More

Previous ArticleCVE-2025-4068 – Code-projects Simple Movie Ticket Booking System Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-40619 – Bookgy Authentication Bypass

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

EA cancels Titanfall incubation project, lays off staff at Apex Legends and Star Wars Jedi developer Respawn Entertainment

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

The Game Pass hit STALKER 2 just got a huge Xbox award, and I can’t think of a game more deserving

Solution Highlight – Oracle Revenue Management / SSP – Part 1

Solution Highlight – Oracle Revenue Management / SSP – Part 1

Community News: Latest PECL Releases (04.29.2025)

Using Sitecore Connect and OpenAI: A Practical Example for Page Metadata Enhancement

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

EA cancels Titanfall incubation project, lays off staff at Apex Legends and Star Wars Jedi developer Respawn Entertainment

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

CVE-2025-46346 – YesWiki Stored Cross-Site Scripting (XSS) Vulnerability

Rancher Releases Patch for CVE-2024-22031 Privilege Escalation Vulnerability

High-Severity DoS Vulnerability Found in PowerDNS DNSdist (CVE-2025-30194)

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Perficient Wins EX Impact Award for Diversity, Equity, Inclusion, and Belonging

MIT Researchers Developed Heterogeneous Pre-trained Transformers (HPTs): A Scalable AI Approach for Robotic Learning from Heterogeneous Data

Windows 11 hits a new market share milestone as Windows 10’s death looms on the horizon

The latest Windows 11 update did not end support for older Intel chips. Here’s the source of the confusion.

BeforeClass doesn’t get displayed in TestNG test results window

Property Automate

Design: Common Mistakes and How to Avoid Them

CVE-2025-46346 – YesWiki Stored Cross-Site Scripting (XSS) Vulnerability

Related Posts