https://db.gcve.eu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 03 May 2026 03:11:15 +0000 https://db.gcve.eu/sighting/17a6a183-22ce-417a-9055-a76b1b113639/export {"uuid": "17a6a183-22ce-417a-9055-a76b1b113639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-wphc-5f2j-jhvg", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867102324757033", "content": "", "creation_timestamp": "2025-01-21T15:41:36.129673Z"} {"uuid": "17a6a183-22ce-417a-9055-a76b1b113639", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-wphc-5f2j-jhvg", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113867102324757033", "content": "", "creation_timestamp": "2025-01-21T15:41:36.129673Z"} https://db.gcve.eu/sighting/17a6a183-22ce-417a-9055-a76b1b113639/export Tue, 21 Jan 2025 15:41:36 +0000 https://db.gcve.eu/sighting/1e0162d0-e1e7-4cb5-a160-8691de7886fb/export {"uuid": "1e0162d0-e1e7-4cb5-a160-8691de7886fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-WPHC-5F2J-JHVG", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2417", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24017\n\ud83d\udd39 Description: YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't exist, the tag is reflected on the page and isn't properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client's side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.\n\ud83d\udccf Published: 2025-01-21T15:37:58.654Z\n\ud83d\udccf Modified: 2025-01-21T15:37:58.654Z\n\ud83d\udd17 References:\n1. https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wphc-5f2j-jhvg\n2. https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b\n3. https://github.com/YesWiki/yeswiki/blob/doryphore-dev/tools/tags/handlers/page/listpages.php#L84", "creation_timestamp": "2025-01-21T16:00:41.000000Z"} {"uuid": "1e0162d0-e1e7-4cb5-a160-8691de7886fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-WPHC-5F2J-JHVG", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2417", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-24017\n\ud83d\udd39 Description: YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on a malicious link. The vulnerability makes use of the search by tag feature. When a tag doesn't exist, the tag is reflected on the page and isn't properly sanitized on the server side which allows a malicious user to generate a link that will trigger an XSS on the client's side when clicked. This vulnerability allows any user to generate a malicious link that will trigger an account takeover when clicked, therefore allowing a user to steal other accounts, modify pages, comments, permissions, extract user data (emails), thus impacting the integrity, availability and confidentiality of a YesWiki instance. Version 4.5.0 contains a patch for the issue.\n\ud83d\udccf Published: 2025-01-21T15:37:58.654Z\n\ud83d\udccf Modified: 2025-01-21T15:37:58.654Z\n\ud83d\udd17 References:\n1. https://github.com/YesWiki/yeswiki/security/advisories/GHSA-wphc-5f2j-jhvg\n2. https://github.com/YesWiki/yeswiki/commit/c1e28b59394957902c31c850219e4504a20db98b\n3. https://github.com/YesWiki/yeswiki/blob/doryphore-dev/tools/tags/handlers/page/listpages.php#L84", "creation_timestamp": "2025-01-21T16:00:41.000000Z"} https://db.gcve.eu/sighting/1e0162d0-e1e7-4cb5-a160-8691de7886fb/export Tue, 21 Jan 2025 16:00:41 +0000