CVE-2025-46549 Scanner

YesWiki is a widely used open-source software that allows users to collaboratively create and edit web pages. It's frequently employed by individuals and organizations to set up community-driven platforms, information hubs, and personal projects due to its flexibility and ease of use. The platform is highly customizable, permitting plugin-based extensions to broaden its capabilities. By enabling user-generated content, it fosters community engagement and interactive information sharing. Additionally, the simplicity of its interface and the extensiveness of its ecosystem make it accessible for non-technical users. Many web communities rely on YesWiki for its user-friendly interface and comprehensive feature set.

The Cross-Site Scripting (XSS) vulnerability in YesWiki allows an attacker to inject malicious scripts into web pages viewed by other users. This can result in cookie theft, session hijacking, site defacement, and the embedding of malicious content. The vulnerability is due to insufficient input sanitization, enabling attackers to input JavaScript code that executes in the context of other users' sessions. This vulnerability typically requires an unwitting user to click a malicious link crafted by the attacker. Its impact can be significant, affecting a broad user base as it directly targets the end-users who interact with an infected page. This type of vulnerability is a common target because it can be exploited with relative ease and has substantial negative impacts.

The technical details of this vulnerability involve insufficient sanitization of user input in YesWiki <= 4.5.1. The vulnerable endpoint is accessed via a GET request using the URL parameter "template," whereby an attacker can introduce script tags to execute JavaScript code. Successful exploitation of this vulnerability depends on tricking a logged-in user into clicking a crafted URL, which, once clicked, allows the malicious script to execute in the user's browser. The attack is confirmed by the presence of specific elements in the server's response, such as the execution of the injected JavaScript and status code 200, which indicates a successful HTTP request. Additionally, the content returned is expected to be of type "text/html," confirming that the intended manipulation targets web pages directly.

The possible effects of this vulnerability being exploited by malicious actors include unauthorized access to sensitive user information, such as session tokens and cookies, which can lead to account hijacking. Moreover, attackers can leverage this to conduct phishing attacks, deface websites, and introduce additional malicious payloads into the system. These actions can compromise the integrity, availability, and confidentiality of the affected systems and data. Organizations might face reputational damage, loss of user trust, and potential legal implications depending on jurisdictional data protection and privacy laws. This vulnerability could also be a stepping-stone for more extensive attacks targeting other network assets or user accounts across different platforms.

REFERENCES

• https://github.com/YesWiki/yeswiki/security/advisories/GHSA-r9gv-qffm-xw6f