CVE-2025-24017: Unauthenticated DOM Based XSS in YesWiki
Any end user, without authenticating, can craft a link that triggers a DOM-based XSS on every YesWiki page; the payload executes in the victim's browser when the victim clicks the malicious link.
This Proof of Concept has been performed using the following:
- YesWiki v4.4.5 (doryphore-dev branch, latest)
- Docker environment (docker/docker-compose.yml)
- Docker v27.5.0
- Default installation