CVE Catalog

CVE-2025-56304

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile - higher than 9% of all known CVEs

Summary

Cross-site scripting (XSS) vulnerability in YzmCMS through version 7.3, located in the referer header on the registration page. It allows an attacker to inject malicious script into the victim's browser.

Risk Assessment

The risk involves potential session theft, redirection to malicious sites, or other actions within the victim's session context, which could compromise data confidentiality and integrity.

Recommendation

Immediately update YzmCMS to a version later than 7.3 that includes a fix for this vulnerability. If an update is not possible, implement filtering and sanitization of the referer header on the registration page.

Original NVD description (English source)

Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the referer header in the register page.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS