CVE-2018-7653
MEDIUM NUCLEIYzmCMS 3.6 - Cross-Site Scripting via Index.php Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-7653. PoCs published by zzw. A Nuclei detection template is also available.
AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in YzmCMS 3.6 by injecting malicious JavaScript payloads into the URL parameters. The payloads are executed when the victim visits the crafted URL, triggering an alert dialog.
Description
In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
Exploits (1)
exploitdb
WORKING POC
by zzw · textwebappsphp
https://www.exploit-db.com/exploits/44405
The exploit demonstrates a reflected XSS vulnerability in YzmCMS 3.6 by injecting malicious JavaScript payloads into the URL parameters. The payloads are executed when the victim visits the crafted URL, triggering an alert dialog.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
YzmCMS 3.6
No auth needed
Prerequisites:
Victim must visit the crafted URL
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Nuclei Templates (1)
YzmCMS v3.6 - Cross-Site Scripting
MEDIUMby ritikchaddha
Shodan:
title:"YzmCMS" || http.title:"yzmcms"
FOFA:
title="YzmCMS" || title="yzmcms"
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/147065/YzmCMS-3.6-Cross-Site-Scripting.html
Third Party Advisory x_refsource_misc
https://github.com/ponyma233/YzmCMS/blob/master/YzmCMS_3.6_bug.md
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44405/
Scores
CVSS v3
6.1
EPSS
0.0886
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
yzmcms/yzmcms
3.6
Published
Mar 04, 2018
Tracked Since
Feb 18, 2026