What is the CVSS score of CVE-2025-24018?

CVE-2025-24018 has a CVSS 3.1 base score of 7.6 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L. EPSS exploitation probability: 0.2%.

Which versions of Yeswiki are affected by CVE-2025-24018?

Organizations using PHP. In face notable risk from CVE-2025-24018, a cross-site scripting vulnerability rated CVSS 7.6.. A patch is available.

Is there a public PoC exploit available for CVE-2025-24018?

Yes, a public proof-of-concept exploit is available for CVE-2025-24018. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-24018?

Within 30 days: Identify all affected systems running PHP. In and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens and content security policies are enforced.

Yeswiki CVE-2025-24018

HIGH

Cross-site Scripting (XSS) (CWE-79)

2025-01-21 security-advisories@github.com

File Upload XSS Yeswiki

7.6

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

7.6 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:04 vuln.today

Patch released

Mar 28, 2026 - 18:04 nvd

Patch available

PoC Detected

May 09, 2025 - 14:02 vuln.today

Public exploit code

CVE Published

Jan 21, 2025 - 17:15 nvd

HIGH 7.6

DescriptionGitHub Advisory

YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content edition feature and more specifically of the {{attach}} component allowing users to attach files/medias to a page. When a file is attached using the {{attach}} component, if the resource contained in the file attribute doesn't exist, then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to be able to steal accounts and therefore modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.

AnalysisAI

YesWiki is a wiki system written in PHP. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which will be reflected on any page where the resource is loaded. The vulnerability makes use of the content edition feature and more specifically of the {{attach}} component allowing users to attach files/medias to a page. When a file is attached using the {{attach}} component, if the resource contained in the file attribute doesn't exist, then the server will generate a file upload button containing the filename. This vulnerability allows any malicious authenticated user that has the right to create a comment or edit a page to be able to steal accounts and therefore modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue. Affected products include: Yeswiki. Version information: Version 4.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-24018 vulnerability details – vuln.today

Back