{"vulnerability": "CVE-2025-46350", "sightings": [{"uuid": "aaac632f-02fb-4950-ac77-6b8e09a41d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46350", "type": "seen", "source": "https://t.me/cvedetector/24041", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-46350 - YesWiki Reflected Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-46350 \nPublished : April 29, 2025, 6:15 p.m. | 39\u00a0minutes ago \nDescription : YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"29 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-29T21:01:13.000000Z"}, {"uuid": "acf43800-27a6-4106-9a5d-847de10d87a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46350", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lny2ikh2fj2n", "content": "", "creation_timestamp": "2025-04-29T19:50:36.159630Z"}, {"uuid": "c0424aeb-b5bd-42cb-b26b-d662e9b1344f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-46350", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13884", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-46350\n\ud83d\udd25 CVSS Score: 3.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N)\n\ud83d\udd39 Description: YesWiki is a wiki system written in PHP. Prior to version 4.5.4, an attacker can use a reflected cross-site scripting attack to steal cookies from an authenticated user by having them click on a malicious link. Stolen cookies allow the attacker to take over the user\u2019s session. This vulnerability may also allow attackers to deface the website or embed malicious content. This issue has been patched in version 4.5.4.\n\ud83d\udccf Published: 2025-04-29T17:11:18.291Z\n\ud83d\udccf Modified: 2025-04-29T18:00:34.649Z\n\ud83d\udd17 References:\n1. https://github.com/YesWiki/yeswiki/security/advisories/GHSA-cg4f-cq8h-3ch8\n2. https://github.com/YesWiki/yeswiki/commit/e2603176a4607b83659635a0c517550d4a171cb9", "creation_timestamp": "2025-04-29T18:12:21.000000Z"}]}