YesWiki — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting YesWiki. AI-powered Chinese analysis, POCs, and references for each vulnerability.

YesWiki is a collaborative wiki platform designed for knowledge sharing and collective content creation. Historically, it has been vulnerable to multiple security issues including remote code execution (RCE), cross-site scripting (XSS), privilege escalation, and path traversal vulnerabilities, with 14 CVEs documented to date. These vulnerabilities often stem from insufficient input validation, improper access controls, and insecure default configurations. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities suggests ongoing security challenges. The platform's open-source nature allows for community-driven improvements, but users must remain vigilant about applying security patches and hardening configurations to mitigate potential risks.

Top products by YesWiki: yeswiki

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41143 | YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() | yeswiki | CWE-89 | 8.8 | High | 2026-05-07 |
| CVE-2026-34598 | YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter" | yeswiki | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2025-46550 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | yeswiki | CWE-79 | 4.3 | Medium | 2025-04-29 |
| CVE-2025-46549 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | yeswiki | CWE-79 | 4.3 | Medium | 2025-04-29 |
| CVE-2025-46348 | YesWiki Vulnerable to Unauthenticated Site Backup Creation and Download | yeswiki | CWE-287 | 10.0 | Critical | 2025-04-29 |
| CVE-2025-46350 | Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting | yeswiki | CWE-79 | 3.5 | Low | 2025-04-29 |
| CVE-2025-46349 | YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | yeswiki | CWE-79 | 7.6 | High | 2025-04-29 |
| CVE-2025-46347 | YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution | yeswiki | CWE-116 | 8.8 (AI) | High (AI) | 2025-04-29 |
| CVE-2025-46346 | YesWiki Vulnerable to Stored XSS in Comments | yeswiki | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2025-31131 | Path Traversal allowing arbitrary read of files in Yeswiki | yeswiki | CWE-22 | 8.6 | High | 2025-04-01 |
| CVE-2025-24019 | YesWiki vulnerable to authenticated arbitrary file deletion | yeswiki | CWE-22 | 7.1 | High | 2025-01-21 |
| CVE-2025-24018 | YesWiki Vulnerable to Authenticated Stored XSS | yeswiki | CWE-79 | 7.6 | High | 2025-01-21 |
| CVE-2025-24017 | YesWiki Vulnerable to Unauthenticated DOM Based XSS | yeswiki | CWE-79 | 7.6 | High | 2025-01-21 |
| CVE-2024-51478 | Use of a Broken or Risky Cryptographic Algorithm in YesWiki | yeswiki | CWE-327 | 9.9 | Critical | 2024-10-31 |

This page lists every published CVE security advisory associated with YesWiki. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.