CVE-2026-34598
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. This issue has been patched in version 4.6.0.
| CWE | CWE-79 CWE-87 |
| Vendor | yeswiki |
| Product | yeswiki |
| Published | Apr 2, 2026 |
| Last Updated | Apr 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for yeswiki yeswiki
Be the first to know when new unknown vulnerabilities affecting yeswiki yeswiki are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
YesWiki / yeswiki
< 4.6.0