CVE-2025-24018: Authenticated Stored XSS in YesWiki
It is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded.
This proof of concept was performed using the following:
- YesWiki v4.4.5 (doryphore-dev branch, latest)
- Docker environment (docker/docker-compose.yml)
- Docker v27.5.0
- Default installation
References
- github.com/YesWiki/yeswiki
- github.com/YesWiki/yeswiki/blob/v4.4.5/tools/attach/libs/attach.lib.php
- github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b
- github.com/YesWiki/yeswiki/security/advisories/GHSA-w59h-3x3q-3p6j
- github.com/advisories/GHSA-w59h-3x3q-3p6j
- nvd.nist.gov/vuln/detail/CVE-2025-24018