CVE-2025-46350: Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting

April 29, 2025

Vulnerable Version: Yeswiki < v4.5.4 Vulnerable Endpoint: /?PagePrincipale%2Fdeletepage Vulnerable Parameter: incomingurl Payload: "><script>alert(1)</script>

References

github.com/YesWiki/yeswiki
github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9
github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8
github.com/advisories/GHSA-cg4f-cq8h-3ch8
nvd.nist.gov/vuln/detail/CVE-2025-46350

Code Behaviors & Features

Detect and mitigate CVE-2025-46350 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →