PT-2025-39181 · Yzmcms · Yzmcms
Published
2025-09-23
·
Updated
2025-09-23
·
CVE-2025-56304
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
YzmCMS versions through 7.3
Description
A cross-site scripting issue exists in YzmCMS. The issue is related to the handling of the
referer header on the register page, which could allow for malicious code execution. The referer header is a vulnerable parameter.Recommendations
Update YzmCMS to a version later than 7.3.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yzmcms