CVE-2025-46550 is a reflected Cross-Site Scripting (XSS) vulnerability affecting YesWiki, a PHP-based wiki system. The vulnerability exists in versions prior to 4.5.4, specifically in the handling of the `/?BazaR` endpoint and the `idformulaire` parameter. Improper neutralization of input during web page generation allows an attacker to inject malicious scripts that are reflected back to the user. When an authenticated user clicks on a crafted malicious link, the injected script executes in their browser context. This can lead to theft of session cookies, enabling session hijacking and unauthorized access to the victim’s account. Additionally, attackers may deface the website or embed malicious content, potentially damaging the integrity and reputation of the affected site. The vulnerability does not require authentication but does require user interaction (clicking the malicious link). The CVSS 3.1 base score is 4.3 (medium severity), reflecting a network attack vector with low complexity and no privileges required, but requiring user interaction. The vulnerability has been patched in YesWiki version 4.5.4, and no known exploits are currently reported in the wild. The issue is categorized under CWE-79, which concerns improper neutralization of input leading to XSS attacks. This vulnerability primarily impacts confidentiality and integrity, with no direct impact on availability.

For European organizations using YesWiki versions prior to 4.5.4, this vulnerability poses a risk of session hijacking through stolen cookies, potentially allowing attackers to impersonate legitimate users and access sensitive information or administrative functions. This can lead to unauthorized data disclosure, modification of wiki content, and website defacement. Organizations relying on YesWiki for internal knowledge management or public-facing documentation may suffer reputational damage and operational disruption. The impact is heightened for entities with sensitive or regulated data, such as government agencies, educational institutions, and enterprises in sectors like finance or healthcare. Since the attack requires user interaction, phishing campaigns targeting employees or users are a likely exploitation vector. The lack of known exploits in the wild suggests limited current active exploitation, but the presence of a public CVE and patch availability means attackers may develop exploits soon, increasing risk. The vulnerability does not affect availability directly but compromises confidentiality and integrity, which can have cascading operational and compliance consequences.

1. Immediate upgrade to YesWiki version 4.5.4 or later to apply the official patch addressing this XSS vulnerability. 2. Implement Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts and reduce the impact of potential XSS attacks. 3. Employ web application firewalls (WAFs) with rules specifically tuned to detect and block reflected XSS payloads targeting the `/?BazaR` endpoint and `idformulaire` parameter. 4. Conduct user awareness training focused on phishing and social engineering to reduce the likelihood of users clicking malicious links. 5. Review and sanitize all user inputs and URL parameters in custom extensions or integrations with YesWiki to ensure no additional XSS vectors exist. 6. Monitor web server logs and application logs for unusual requests or patterns indicative of attempted exploitation. 7. For high-value targets, consider implementing multi-factor authentication (MFA) to mitigate the impact of stolen session cookies. 8. Regularly audit and update all third-party components and dependencies to maintain security hygiene.