CVE-2025-56304
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk9th percentile - higher than 9% of all known CVEs
Summary
Cross-site scripting (XSS) vulnerability in YzmCMS through version 7.3, located in the referer header on the registration page. It allows an attacker to inject malicious script into the victim's browser.
Risk Assessment
The risk involves potential session theft, redirection to malicious sites, or other actions within the victim's session context, which could compromise data confidentiality and integrity.
Recommendation
Immediately update YzmCMS to a version later than 7.3 that includes a fix for this vulnerability. If an update is not possible, implement filtering and sanitization of the referer header on the registration page.
Original NVD description (English source)
Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the referer header in the register page.

