CNNVD-202511-2613 Information

CNNVD ID

CNNVD-202511-2613

CVE-2025-64048

  • CNNVD Published: 2025-11-24

Description (Chinese)

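Yccms is a lightweight PHP-based CMS website-building system from the Yccms team. Yccms version 3.4 contains a security vulnerability that stems from improper neutralization of input to the article title field by the add and getPost functions in ArticleAction.class.php, which may lead to stored cross-site scripting attacks.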

Description (English)

Yccms is a lightweight PHP-based CMS site-building system developed by the Yccms team. Version 3.4 of Yccms has a security vulnerability: the add and getPost functions in the file ArticleAction.class.php do not properly neutralize input in the article title field, which may result in a stored cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Yccms

Published

2025-11-24

Last Modified

2026-02-24

References

  • https://gist.github.com/b1uel0n3/8354650e683ffb0812bfe72b702b482d
  • http://yccms.com
  • https://access.redhat.com/security/cve/cve-2025-64048
