CVE Catalog
CVE-2025-52277
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk0.37%
29th percentile - higher than 29% of all known CVEs
Summary
A Cross Site Scripting (XSS) vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload in the meta configuration robots field.
Risk Assessment
An attacker can inject malicious scripts, leading to session hijacking, website defacement, or administrator account takeover.
Recommendation
Immediately update YesWiki to the latest version and implement input validation and sanitization for the meta robots field.
Original NVD description (English source)
Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field

