We found results for “”
WS-2022-0251
Good to know:
Date: July 27, 2022
In YesWiki up to and including v4.2.2, A Cross-Site-Scripting (XSS) vulnerability was found in the file upload function. The server allow upload .xml file with contain some javascript code lead to XSS. This issue is fixed in v4.2.3 and above.
Language: PHP
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |