CVE Catalog

CVE-2025-52277

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A Cross Site Scripting (XSS) vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload in the meta configuration robots field.

Risk Assessment

An attacker can inject malicious scripts, leading to session hijacking, website defacement, or administrator account takeover.

Recommendation

Immediately update YesWiki to the latest version and implement input validation and sanitization for the meta robots field.

Original NVD description (English source)

Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field

Vulnerability data from NVD (NIST) · CISA KEV · EPSS