CVE-2025-64048

Published: Nov 24, 2025Modified: Dec 1, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.

Affected (1)

Products: Yccms: Yccms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Yccms Yccms	Version 3.4

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

http://yccms.com

Source: cve@mitre.org

Broken Link

https://gist.github.com/b1uel0n3/8354650e683ffb0812bfe72b702b482d

Source: cve@mitre.org

Third Party Advisory

Timeline

No history available yet.