CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-34598

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. This issue has been patched in version 4.6.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.5%

CVSS Severity

References

https://github.com/YesWiki/yeswiki/releases/tag/v4.6.0
https://github.com/YesWiki/yeswiki/security/advisories/GHSA-37fq-47qj-6j5j

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-34598

Products

Pricing

Contact Us