CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.4%

CVSS Severity

CVSS v3 Score 6.1

References

http://yccms.com
https://gist.github.com/b1uel0n3/8354650e683ffb0812bfe72b702b482d

Products affected by CVE-2025-64048

Yccms » Yccms » Version: 3.4

cpe:2.3:a:yccms:yccms:3.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-64048

Products

Pricing

Contact Us