CVE-2025-46350

YesWiki Vulnerable to Authenticated Reflected Cross-site Scripting

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.


We have discovered 67 live websites that are affected by CVE-2025-46350.





Affected Software

Product                    YesWiki
Category                   Wikis
Vulnerable Domains         67 live websites (37% of YesWiki install base)
Vulnerable Versions        from 0 through 4.5.4
Vulnerable Versions Count  10 versions (63% of all versions)


Common Weakness Enumeration

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')



Details

  • Published - Apr 29, 2025
  • Updated - Apr 29, 2025

Website Distribution by Country

Number of websites affected by CVE-2025-46350

France       58 websites
Switzerland  4 websites
Germany      4 websites
Italy        1 website

Website Distribution by TLD

Number of websites affected by CVE-2025-46350

.fr    29 websites
.org   22 websites
.net   5 websites
.be    4 websites
.info  1 website

Websites affected by CVE-2025-46350

Top websites that are affected by CVE-2025-46350. Please click on the "Contact us" link to get more information.

FAQ

CVE-2025-46350 is an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YesWiki.
A total of 67 websites have been identified as vulnerable to CVE-2025-46350, based on global website indexing conducted by WebTechSurvey.
YesWiki is affected by the CVE-2025-46350 vulnerability.
YesWiki versions up to 4.5.4 are vulnerable to CVE-2025-46350.
CVE-2025-46350 is resolved in version 4.5.4 of YesWiki.