CVE-2025-64048

MEDIUM

YCCMS 3.4 - Stored Cross-Site Scripting in Article Title Field

Title source: llm
STIX 2.1

Description

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.

References (2)

Core 2

Scores

CVSS v3 6.1
EPSS 0.0016
EPSS Percentile 5.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
yccms/yccms 3.4
Published Nov 24, 2025
Tracked Since Feb 18, 2026