Cyber Posture

CVE-2025-24017

High · Public PoC

Published: 21 January 2025

Modified: 09 May 2025
CVSS Score: 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L)
EPSS Score: 0.0029 (51.8th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

An adversary may rely upon a user clicking a malicious link in order to gain execution.

Security Summary

CVE-2025-24017 is a DOM-based cross-site scripting (XSS) vulnerability, classified under CWE-79, affecting YesWiki, a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable due to improper server-side sanitization in the search by tag feature. When a non-existent tag is searched, it is reflected on the page without proper escaping, enabling attackers to craft malicious links that trigger XSS on any of YesWiki's pages when clicked by a victim. The issue has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L), indicating high integrity impact with low confidentiality and availability effects.

Any unauthenticated end-user can exploit this vulnerability by generating a malicious link that leverages the tag search reflection. Exploitation requires a victim to click the link, after which the XSS payload executes in the victim's browser context. Successful attacks enable account takeover, allowing attackers to steal other users' accounts, modify pages and comments, alter permissions, and extract sensitive user data such as emails. This compromises the integrity, availability, and confidentiality of the affected YesWiki instance.

Mitigation is available in YesWiki version 4.5.0, which patches the server-side sanitization issue. Security practitioners should upgrade to this version immediately. Additional details are provided in the YesWiki GitHub security advisory (GHSA-wphc-5f2j-jhvg) and the specific commit (c1e28b59394957902c31c850219e4504a20db98b) that addresses the flaw.

Details

CWE(s)
CWE-79

Affected Products

yeswiki
yeswiki
≤ 4.5.0

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1204.001 Malicious Link (Execution)
An adversary may rely upon a user clicking a malicious link in order to gain execution.

Why these techniques?

The DOM-based XSS vulnerability in the public-facing YesWiki wiki application is directly exploited when victims click attacker-crafted malicious links, enabling initial access and subsequent account takeover.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
