yeswiki — Vulnerabilities & Security Advisories 14

All 14 CVE vulnerabilities found in yeswiki, with AI-generated Chinese analysis, references, and POCs.

Vendor: YesWiki

CVE ID	Title	CVSS	Severity	Published
CVE-2026-41143	YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() CWE-89	8.8	High	2026-05-07
CVE-2026-34598	YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter" CWE-79	6.1^AI	Medium^AI	2026-04-02
CVE-2025-46550	Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting CWE-79	4.3	Medium	2025-04-29
CVE-2025-46549	Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting CWE-79	4.3	Medium	2025-04-29
CVE-2025-46348	YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download CWE-287	10.0	Critical	2025-04-29
CVE-2025-46350	Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting CWE-79	3.5	Low	2025-04-29
CVE-2025-46349	YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting CWE-79	7.6	High	2025-04-29
CVE-2025-46347	YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution CWE-116	8.8^AI	High^AI	2025-04-29
CVE-2025-46346	YesWiki Vulnerable to Stored XSS in Comments CWE-79	5.4^AI	Medium^AI	2025-04-29
CVE-2025-31131	Path Traversal allowing arbitrary read of files in Yeswiki CWE-22	8.6	High	2025-04-01
CVE-2025-24019	YesWiki vulnerable to authenticated arbitrary file deletion CWE-22	7.1	High	2025-01-21
CVE-2025-24018	YesWiki Vulnerable to Authenticated Stored XSS CWE-79	7.6	High	2025-01-21
CVE-2025-24017	YesWiki Vulnerable to Unauthenticated DOM Based XSS CWE-79	7.6	High	2025-01-21
CVE-2024-51478	Use of a Broken or Risky Cryptographic Algorithm in YesWiki CWE-327	9.9	Critical	2024-10-31

All 14 known CVE vulnerabilities affecting yeswiki with full Chinese analysis, references, and POCs where available.