CVE-2025-64048

MEDIUM

6.1

Beschreibung

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht11/24/2025

Zuletzt geandert12/1/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

yccms:yccms

Schwachen (CWE)

CWE-79

Referenzen

http://yccms.com(cve@mitre.org)

https://gist.github.com/b1uel0n3/8354650e683ffb0812bfe72b702b482d(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.