CVE-2025-46549 is a reflected Cross-Site Scripting (XSS) vulnerability affecting YesWiki, a PHP-based wiki system, in versions prior to 4.5.4. The vulnerability arises from improper neutralization of user-supplied input during web page generation, classified under CWE-79. An attacker can craft a malicious URL containing executable script code that, when clicked by an authenticated user, executes in the victim's browser context. This allows the attacker to steal session cookies, enabling session hijacking and unauthorized access to the victim's account. Beyond session theft, the attacker may also deface the website or inject malicious content, potentially damaging the integrity and reputation of the affected site. The vulnerability requires no prior authentication but does require user interaction (clicking the malicious link). The CVSS v3.1 base score is 4.3 (medium severity), reflecting the network attack vector, low attack complexity, no privileges required, but user interaction needed, and limited impact primarily on integrity. No known exploits are currently reported in the wild. The issue has been addressed in YesWiki version 4.5.4, where proper input sanitization and output encoding have been implemented to mitigate this reflected XSS risk.

For European organizations using YesWiki versions earlier than 4.5.4, this vulnerability poses a risk of session hijacking through stolen cookies, which can lead to unauthorized access to sensitive wiki content. This can compromise the confidentiality and integrity of internal documentation, collaborative projects, or knowledge bases. Website defacement or injection of malicious content can damage organizational reputation and trust, especially for public-facing wikis. Since YesWiki is often used by small to medium enterprises, educational institutions, and non-profits, the impact may be more pronounced where security resources are limited. The requirement for user interaction (clicking a malicious link) means phishing or social engineering campaigns could be used to exploit this vulnerability. While availability is not directly impacted, the indirect effects of compromised user sessions and content integrity can disrupt normal operations and collaboration workflows.

1. Immediate upgrade to YesWiki version 4.5.4 or later to apply the official patch that fixes the XSS vulnerability. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 3. Educate users on phishing risks and encourage cautious behavior regarding clicking unknown or suspicious links, especially in emails or messages. 4. Employ web application firewalls (WAFs) with rules tuned to detect and block reflected XSS attack patterns targeting YesWiki endpoints. 5. Regularly audit and sanitize all user-generated content and input fields within YesWiki installations to ensure no residual injection vectors remain. 6. Monitor web server and application logs for unusual URL requests or repeated suspicious activity indicative of attempted exploitation. 7. For organizations with custom YesWiki deployments, review and harden any custom plugins or extensions that might bypass standard input validation mechanisms.