Unauthenticated DOM Based XSS in YesWiki
It is possible for any end-user to craft a DOM based XSS on all of YesWiki's pages which will be triggered when a user clicks on a malicious link. This Proof of Concept has been performed using the followings: YesWiki v4.4.5 (doryphore-dev branch, latest) Docker environnment (docker/docker-compose.yml) Docker v27.5.0 Default installation