YesWiki Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in YesWiki versions through 4.5.1. The issue arises in the `/?BazaR` endpoint, specifically with the `idformulaire` parameter, which fails to properly sanitize input. This allows attackers to inject malicious scripts that could be executed in the context of the user's browser. Exploitation of this vulnerability could lead to cookie theft from authenticated users, allowing attackers to hijack their sessions. Additionally, this vulnerability could be used to deface the website or embed harmful content.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the user's browser. This could lead to cookie theft from authenticated users, session hijacking, website defacement, or the embedding of malicious content.

Reproduction

To reproduce this vulnerability, send a request to the `/?BazaR` endpoint with a crafted `idformulaire` parameter that includes a script tag, such as `<script>alert(1)</script>`. When the link is clicked, an alert box will appear, demonstrating the execution of the injected script.

Remediation

Users can upgrade to YesWiki version 4.5.4 or later, where this vulnerability has been patched.