CVE-2025-24018 Information

Description

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5 it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content edition feature and more specifically of the attach component allowing users to attach files/medias to a page. When a file is attached using the attach component if the resource contained in the file attribute doesn’t exist then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to be able to steal accounts and therefore modify pages comments permissions extract user data (emails) thus impacting the integrity availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.

Reference

https://github.com/YesWiki/yeswiki/blob/v4.4.5/tools/attach/libs/attach.lib.php#L660 https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w59h-3x3q-3p6j https://github.com/YesWiki/yeswiki/security/advisories/GHSA-w59h-3x3q-3p6j