CVE-2025-46550 – YesWiki Reflected Cross-Site Scripting Vulnerability

April 29, 2025

CVE ID : CVE-2025-46550

Published : April 29, 2025, 9:15 p.m. | 1 hour, 52 minutes ago

Description : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleNFO Viewer is a viewer for NFO files

Next Article CVE-2025-46348 – YesWiki Unauthenticated Archive Creation and Download Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

EA cancels Titanfall incubation project, lays off staff at Apex Legends and Star Wars Jedi developer Respawn Entertainment

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

The Game Pass hit STALKER 2 just got a huge Xbox award, and I can’t think of a game more deserving

Solution Highlight – Oracle Revenue Management / SSP – Part 1

Solution Highlight – Oracle Revenue Management / SSP – Part 1

Community News: Latest PECL Releases (04.29.2025)

Using Sitecore Connect and OpenAI: A Practical Example for Page Metadata Enhancement

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

“Bing was not as bad as I thought it was” — search engine gets backhanded compliment as experts explore why people use Google

EA cancels Titanfall incubation project, lays off staff at Apex Legends and Star Wars Jedi developer Respawn Entertainment

“Fear not—we are cooking!” Helldivers 2 devs say there’s “exciting news to come” and a new Warbond in May as we defeat the Illuminate, which surely means it’s about to invade for real and kill us all

CVE-2025-46550 – YesWiki Reflected Cross-Site Scripting Vulnerability

Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery

Kimsuky Exploits BlueKeep RDP Vulnerability to Breach Systems in South Korea and Japan

Community News: Latest PECL Releases (12.31.2024)

The JavaScript trademark fight rumbles on

Programmatic approach to optimize the cost of Amazon RDS snapshots

T2 is a source-based meta distribution

Microsoft claps back at Salesforce — claims “100,000 organizations” had used Copilot Studio to create AI agents by October 2024

FocalLens: Instruction Tuning Enables Zero-Shot Conditional Image Representations

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Unveiling Critical Batch Size Dynamics: How Data and Model Scaling Impact Efficiency in Large-Scale Language Model Training with Innovative Optimization Techniques

CVE-2025-46550 – YesWiki Reflected Cross-Site Scripting Vulnerability

Related Posts