CVE-2025-46350 is a reflected cross-site scripting (XSS) vulnerability identified in YesWiki, a PHP-based wiki system. This vulnerability affects versions prior to 4.5.4. The root cause is improper neutralization of user input during web page generation, classified under CWE-79. An attacker can craft a malicious URL containing executable script code that, when clicked by an authenticated user, executes in the user's browser context. This allows the attacker to steal session cookies, potentially leading to session hijacking and unauthorized access to the victim's account. Additionally, the attacker may deface the website or inject malicious content, impacting the integrity and trustworthiness of the site. The vulnerability requires user interaction (clicking a malicious link) and privileges of an authenticated user to be exploited. The CVSS 3.1 base score is 3.5, reflecting a low severity primarily due to the requirement for user interaction and the limited scope of impact (confidentiality and integrity are affected, but availability is not). No known exploits are currently reported in the wild, and the issue has been patched in YesWiki version 4.5.4.

For European organizations using YesWiki, this vulnerability poses risks primarily to confidentiality and integrity of user sessions and website content. If exploited, attackers can hijack user sessions, leading to unauthorized access to sensitive wiki content, which may include internal documentation, project plans, or proprietary information. Website defacement or injection of malicious content could damage organizational reputation and erode user trust. Given that YesWiki is often used for collaborative documentation, the integrity of shared knowledge bases could be compromised. However, the impact is somewhat mitigated by the need for user interaction and authentication, limiting mass exploitation. Organizations with a significant number of authenticated users or those relying on YesWiki for critical internal communication may face higher risks. The vulnerability does not affect system availability, so operational disruption is unlikely. Overall, the threat is moderate but should not be ignored, especially in sectors where data confidentiality and integrity are paramount.

1. Immediate upgrade to YesWiki version 4.5.4 or later to apply the official patch addressing this vulnerability. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 3. Conduct a thorough audit of all user input handling and output encoding in custom YesWiki plugins or extensions to ensure they do not introduce similar XSS flaws. 4. Educate users about the risks of clicking on suspicious links, especially those received via email or messaging platforms, to reduce the likelihood of successful phishing attempts exploiting this vulnerability. 5. Monitor web server logs for unusual URL patterns or repeated access attempts that may indicate exploitation attempts. 6. Employ web application firewalls (WAF) with rules tuned to detect and block reflected XSS payloads targeting YesWiki endpoints. 7. Regularly review and update session management policies to limit session lifetime and enforce secure cookie attributes (HttpOnly, Secure, SameSite) to reduce the impact of stolen cookies.