Description
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by SiteWatch · textwebappsphp
https://www.exploit-db.com/exploits/36498
exploitdb
WORKING POC
by Michael Brooks · textwebappsmultiple
https://www.exploit-db.com/exploits/17111
References (2)
Core 2
Core References
URL Repurposed x_refsource_misc
https://sitewat.ch/Advisory/View/4
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51276
Scores
EPSS
0.0033
EPSS Percentile
55.6%
Details
CWE
CWE-79
Status
published
Products (1)
yaws/yaws
1.88
Published
Dec 29, 2011
Tracked Since
Feb 18, 2026