{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T07:31:55.082","vulnerabilities":[{"cve":{"id":"CVE-2025-46350","sourceIdentifier":"security-advisories@github.com","published":"2025-04-29T18:15:44.950","lastModified":"2025-05-09T13:57:36.823","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4."},{"lang":"es","value":"YesWiki es un sistema wiki escrito en PHP. Antes de la versión 4.5.4, un atacante podía usar un ataque de cross-site scripting reflejado para robar cookies de un usuario autenticado al hacer que hiciera clic en un enlace malicioso. Las cookies robadas permiten al atacante controlar la sesión del usuario. Esta vulnerabilidad también puede permitir a los atacantes desfigurar el sitio web o incrustar contenido malicioso. Este problema se ha corregido en la versión 4.5.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":0.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.4","matchCriteriaId":"E3230BE7-CB3C-401F-A727-7052E9E07A68"}]}]}],"references":[{"url":"https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}