Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. yeswiki/yeswiki
  4. ›
  5. CVE-2026-52773

CVE-2026-52773: YesWiki Vulnerable to Reflected XSS via Unescaped Archived-Revision `time` Parameter in `handlers/page/show.php`

July 9, 2026

YesWiki’s archived-revision view reflects the time GET parameter into a hidden HTML input in handlers/page/show.php without escaping. Because MySQL coerces malformed DATETIME strings, an attacker can append HTML or JavaScript to a valid archived revision timestamp, still load that archived revision, and execute arbitrary JavaScript in the victim’s browser.

The vulnerable form is only rendered when the victim can both read and edit the target page. In restricted deployments this requires a victim with read and write access to that page. On a default doryphore 4.6.5 install, public pages such as PagePrincipale were editable anonymously during validation, so the issue can also affect unauthenticated visitors in that configuration.

References

  • github.com/YesWiki/yeswiki/commit/35ad9c2bb6cd338198b37c1f745e24bc302a3560
  • github.com/YesWiki/yeswiki/security/advisories/GHSA-35f3-pg38-486f
  • github.com/advisories/GHSA-35f3-pg38-486f
  • nvd.nist.gov/vuln/detail/CVE-2026-52773

Code Behaviors & Features

Detect and mitigate CVE-2026-52773 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 4.1.0 before 4.6.6

Fixed versions

  • 4.6.6

Solution

Upgrade to version 4.6.6 or above.

Impact 6.1 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Learn more about CVSS

Weakness

  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Source file

packagist/yeswiki/yeswiki/CVE-2026-52773.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Fri, 10 Jul 2026 12:17:13 +0000.