Reconnecting to live updates…

CVE-2025-66094: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dmccan Yada Wiki

Medium

VulnerabilityCVE-2025-66094cve cve-2025-66094 cwe-79

Published: Tue Dec 30 2025 (12/30/2025, 16:17:26 UTC)

Source: CVE Database V5

Vendor/Project: dmccan

Product: Yada Wiki

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yada Wiki yada-wiki allows Stored XSS.This issue affects Yada Wiki: from n/a through 3.5.

Technical Details

Data Version: 5.2
Assigner Short Name: Patchstack
Date Reserved: 2025-11-21T11:21:12.145Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6953fe4971a94549f1d3cd04

Added to database: 12/30/2025, 4:31:05 PM

Last updated: 12/30/2025, 5:37:16 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2025-66848: n/a

Unknown

VulnerabilityTue Dec 30 2025

CVE-2025-15257: Command Injection in Edimax BR-6208AC

Medium

VulnerabilityTue Dec 30 2025

CVE-2025-66103: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Revmakx WPCal.io

Medium

VulnerabilityTue Dec 30 2025

CVE-2025-52835: CWE-352 Cross-Site Request Forgery (CSRF) in ConoHa by GMO WING WordPress Migrator

Critical

VulnerabilityTue Dec 30 2025

CVE-2025-65925: n/a

Unknown

VulnerabilityTue Dec 30 2025

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

CVE-2025-66094: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dmccan Yada Wiki

CVE-2025-66094: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in dmccan Yada Wiki

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-66848: n/a

CVE-2025-15257: Command Injection in Edimax BR-6208AC

CVE-2025-66103: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Revmakx WPCal.io

CVE-2025-52835: CWE-352 Cross-Site Request Forgery (CSRF) in ConoHa by GMO WING WordPress Migrator

CVE-2025-65925: n/a

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility