CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

April 29, 2025

CVE ID : CVE-2025-46349

Published : April 29, 2025, 6:15 p.m. | 52 minutes ago

Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to reflected XSS in the file upload form. This vulnerability allows any malicious unauthenticated user to create a link that can be clicked on by the victim to perform arbitrary actions. This issue has been patched in version 4.5.4.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46350 – YesWiki Reflected Cross-Site Scripting Vulnerability

Next Article CVE-2025-46347 – YesWiki Remote Code Execution Vulnerability

Highlights

CVE-2025-4998 – H3C Magic R200G HTTP POST Request Handler Denial of Service Vulnerability

May 20, 2025

CVE ID : CVE-2025-4998

Published : May 20, 2025, 9:15 p.m. | 2 hours, 18 minutes ago

Description : A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

How to Access Oracle Fusion Cloud Apps Data from Snowflake

Build scalable containerized RAG based generative AI applications in AWS using Amazon EKS with Amazon Bedrock

25 Advanced Terraform Interview Questions for Senior Roles

Call of Duty: Warzone is officially offline. Here’s when you can play it again.

CVE-2025-4998 – H3C Magic R200G HTTP POST Request Handler Denial of Service Vulnerability

Windsurf Launches SWE-1: A Frontier AI Model Family for End-to-End Software Engineering

danielebarbaro/laravel-vat-eu-validator

CVE-2025-47295 – Fortinet FortiOS Buffer Over-Read Vulnerability

CVE-2025-46349 – YesWiki Reflected Cross-Site Scripting (XSS) Vulnerability

Related Posts