YesWiki Stored Cross-Site Scripting Vulnerability in Comments Feature

Vulnerability

A stored cross-site scripting vulnerability has been identified in YesWiki versions prior to 4.5.4. This issue arises in the comments feature, where the application fails to adequately sanitize user input. As a result, malicious actors can inject JavaScript payloads that are executed in the browsers of users viewing the affected comments. While the application blocks the execution of <script> tags, it does not recognize payloads hidden using JavaScript block comments. This vulnerability has been patched in version 4.5.4.

Impact

Exploitation of this vulnerability allows injection of arbitrary JavaScript, which executes in the browser context of any user viewing the comment. This could potentially be used to exploit other vulnerabilities, for example to achieve remote code execution.

Reproduction

To reproduce this vulnerability, submit a comment containing a JavaScript payload wrapped in a block comment, such as '/*<script>alert("pizzapower")</script>*/'. After the comment is posted, the JavaScript will execute immediately and on subsequent page visits.

Remediation

Users can update to YesWiki version 4.5.4 or later to address this vulnerability.
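
The following is an added example, not YesWiki's code or its 4.5.4 patch: it shows render-time output encoding applied to the comment from the Reproduction section, plus an audit helper for locating stored comments that contain active markup. Function names and sample records are constructed, and the event-handler and javascript: patterns go beyond the single case this advisory describes.

```javascript
// Added example, not YesWiki code. Names and sample records are constructed.

// Encode HTML-significant characters so a comment body renders as inert text.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Patterns for markup that can run script. They are matched against the raw
// body, so text wrapped around a tag (such as /* ... */) does not hide it.
const ACTIVE_MARKUP = [
  /<\s*\/?\s*script\b/i,      // script elements
  /<[^>]*\son\w+\s*=/i,       // inline event-handler attributes
  /javascript\s*:/i,          // javascript: URLs
];

// Return the ids of stored comments that need review.
function auditComments(comments) {
  return comments
    .filter((c) => ACTIVE_MARKUP.some((re) => re.test(c.body)))
    .map((c) => c.id);
}

// Constructed sample records; id 2 is the comment from the Reproduction section.
const SAMPLE_COMMENTS = [
  { id: 1, body: 'Thanks, the /* block comment */ note helped. 3 < 5.' },
  { id: 2, body: '/*<script>alert("pizzapower")</script>*/' },
  { id: 3, body: 'See the "Remediation" section & upgrade.' },
];

console.log(auditComments(SAMPLE_COMMENTS));
console.log(escapeHtml(SAMPLE_COMMENTS[1].body));
```

Encoding at output keeps the comment readable as text while leaving nothing for the browser to parse as a tag; the audit only flags records for review and does not replace upgrading.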

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 1.7
exploitability: 7.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.