{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T02:07:18.750","vulnerabilities":[{"cve":{"id":"CVE-2025-46550","sourceIdentifier":"security-advisories@github.com","published":"2025-04-29T21:15:52.467","lastModified":"2025-05-09T13:59:35.920","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the `/?BazaR` endpoint and `idformulaire` parameter are vulnerable to cross-site scripting. An attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user’s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4."},{"lang":"es","value":"YesWiki es un sistema wiki escrito en PHP. Antes de la versión 4.5.4, el endpoint `/?BazaR` y el parámetro `idformulaire` eran vulnerables a ataques de cross-site scripting. Un atacante puede usar un ataque de cross-site scripting reflejado para robar cookies de un usuario autenticado al hacer que haga clic en un enlace malicioso. Las cookies robadas permiten al atacante controlar la sesión del usuario. Esta vulnerabilidad también puede permitir a los atacantes desfigurar el sitio web o incrustar contenido malicioso. Este problema se ha corregido en la versión 4.5.4."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yeswiki:yeswiki:*:*:*:*:*:*:*:*","versionEndExcluding":"4.5.4","matchCriteriaId":"E3230BE7-CB3C-401F-A727-7052E9E07A68"}]}]}],"references":[{"url":"https://github.com/YesWiki/yeswiki/commit/4e9e51d80cd024ed2ac5c12c820817e6d8c2655a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/YesWiki/yeswiki/security/advisories/GHSA-ggqx-43h2-55jp","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Vendor Advisory"]}]}}]}