RCE in Yzmcms
CVE-2025-3397
A vulnerability classified as problematic has been found in YzmCMS 7.1. Affected is an unknown function of the file message.tpl. The manipulation of the argument gourl leads to cross site scripting. It is possible to launch the attack remo…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.005 (36.7th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N.
Affected products
- Yzmcms — versions 7.1
- N/a Yzmcms — versions 7.1
Weakness classification (CWE)
References
- cna@vuldb.com (technical-description, VDB Entry, Third Party Advisory, vdb-entry)
- cna@vuldb.com (signature, Permissions Required, permissions-required, VDB Entry)
- cna@vuldb.com (VDB Entry, Third Party Advisory, third-party-advisory)
- cna@vuldb.com (Exploit, Third Party Advisory, exploit)
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Exploit, Third Party Advisory)
Frequently asked questions
- What is CVE-2025-3397?
- CVE-2025-3397 is a medium-severity vulnerability in Yzmcms, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2025-04-08.
- How severe is CVE-2025-3397?
- Medium severity. CVSS v3 base score is 4.3 out of 10.