CVE-2025-64048

Name of the Vulnerable Software and Affected Versions YCCMS version 3.4

Description The software contains a stored cross-site scripting (XSS) issue in the article management functionality. The vulnerability is located in the add() and getPost() functions within the ArticleAction.class.php file. This is due to improper neutralization of user input in the article title field. The vulnerable parameter is the article title.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting or disabling the article management functionality.