CVE-2026-34598
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. This issue has been patched in version 4.6.0.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
YesWiki · yeswiki¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →