CVE-2025-24017: 
PHP vulnerability analysis and mitigation

YesWiki, a PHP-based wiki system, versions up to and including 4.4.5 were found to contain a DOM-based Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered in January 2025 and affects the search by tag feature, where malicious users can craft specially designed links that trigger XSS when clicked by other users (GitHub Advisory).

The vulnerability exists in the search by tag feature where tag names are not properly sanitized on the server side. When a tag doesn't exist, it is reflected on the page without proper sanitization, allowing attackers to inject malicious scripts. The issue is present in the tools/tags/handlers/page/listpages.php file. The vulnerability has been assigned a CVSS v3.1 score of 7.6 (High), with attack vector being Network, attack complexity Low, requiring no privileges, but needing user interaction (GitHub Advisory).

The vulnerability allows any user to generate malicious links that can trigger account takeover when clicked. Successful exploitation enables attackers to steal user accounts, modify pages and comments, alter permissions, and extract user data including email addresses. This compromises the integrity, availability, and confidentiality of YesWiki instances (GitHub Advisory).

The vulnerability has been patched in version 4.5.0. The fix includes proper sanitization of tag names using htmlspecialchars() function. Additional recommended security measures include implementing a stronger password reset mechanism, not showing password reset links to logged-in users, generating and emailing reset tokens with expiration dates, and implementing a strong Content Security Policy with random nonces (GitHub Advisory).