CVE-2025-46550 PoC — YesWiki 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-46550.yaml

Associated Vulnerability

Title:YesWiki 跨站脚本漏洞 (CVE-2025-46550)
Description:YesWiki是法国YesWiki组织的一个用 PHP 编写的 wiki 系统。用于以协作方式创建和管理网站。 YesWiki 4.5.4之前版本存在跨站脚本漏洞，该漏洞源于/?BazaR端点和idformulaire参数存在跨站脚本攻击。

Description

YesWiki < 4.5.4 contains a reflected cross-site scripting caused by unsanitized `idformulaire` parameter in `/?BazaR` endpoint, letting attackers steal cookies and hijack sessions, exploit requires user to click malicious link.

File Snapshot


 id: CVE-2025-46550

info:
  name: YesWiki < 4.5.4 - Cross-Site Scripting
  author: MuhammadWaseem
  

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!