CVE-2025-3397

4.3 MEDIUM

📋 TL;DR

This vulnerability allows attackers to inject malicious scripts via the 'gourl' parameter in YzmCMS 7.1's message.tpl file, leading to cross-site scripting (XSS). Attackers can execute arbitrary JavaScript in victims' browsers when they view manipulated content. All users running YzmCMS 7.1 with the vulnerable message.tpl file are affected.

💻 Affected Systems

Products:
  • YzmCMS
Versions: 7.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the message.tpl template file when the 'gourl' parameter is not properly sanitized.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deliver malware through the compromised web application.

🟠 Likely Case

Attackers will typically use this to steal session cookies or credentials, perform phishing attacks, or deface websites by injecting malicious content.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be neutralized, preventing execution in users' browsers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit has been publicly disclosed and requires minimal technical skill to execute. Attackers can launch this remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available as the vendor has not responded. Monitor the YzmCMS website or repository for updates.

🔧 Temporary Workarounds

Input Validation and Sanitization

Implement server-side validation and sanitization of the 'gourl' parameter to remove or encode malicious characters.

Content Security Policy (CSP)

Implement a strict CSP header to prevent execution of inline scripts and restrict script sources to trusted domains only.

🧯 If You Can't Patch

  • Implement a Web Application Firewall (WAF) with XSS protection rules to block malicious requests.
  • Disable or restrict access to the vulnerable message.tpl functionality if not essential.

🔍 How to Verify

Check if Vulnerable:

Test by injecting a simple script payload into the 'gourl' parameter and checking if it executes in the browser.

Check Version:

Check the YzmCMS version in the admin panel or configuration files.

Verify Fix Applied:

After applying workarounds, test with the same payload to ensure it is properly sanitized or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing suspicious 'gourl' parameter values containing script tags or JavaScript code.

Network Indicators:

  • HTTP requests with 'gourl' parameter containing script tags or encoded JavaScript.

SIEM Query:

http.uri_query contains 'gourl' AND (http.uri_query contains '<script' OR http.uri_query contains 'javascript:')
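The SIEM query above matches the literal strings '<script' and 'javascript:', so a percent-encoded or double-encoded 'gourl' value slips past it. The following is an added example (not from the page or the YzmCMS project) that applies the same indicators to constructed access-log lines after URL-decoding the parameter; the log format and the /index.php path are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Same indicators as the SIEM query, matched case-insensitively after decoding.
SCRIPT_MARKERS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)

# Extracts the request target from a common/combined-format access-log line (assumed format).
LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_gourl(request_target: str):
    """Return the decoded 'gourl' value if it carries a script indicator, else None."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    for value in params.get("gourl", []):
        # parse_qs already decoded one layer; decode once more to catch
        # double-encoded payloads (%253C -> %3C -> <).
        decoded = unquote(value)
        if SCRIPT_MARKERS.search(decoded):
            return decoded
    return None


def scan_logs(lines):
    """Return (client_ip, decoded_gourl) for every log line that trips the indicators."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        found = suspicious_gourl(m.group(1))
        if found is not None:
            hits.append((line.split()[0], found))
    return hits


# Constructed sample log lines (not real traffic): one benign redirect target,
# one plain-encoded script tag, one javascript: URI, one double-encoded tag.
SAMPLE_LOGS = [
    '203.0.113.5 - - [01/Jan/2025:10:00:00 +0000] "GET /index.php?gourl=/member/index HTTP/1.1" 200 512',
    '203.0.113.6 - - [01/Jan/2025:10:00:01 +0000] "GET /index.php?gourl=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /index.php?gourl=javascript%3Aalert(1) HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Jan/2025:10:00:03 +0000] "GET /index.php?gourl=%253Cscript%253E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, payload in scan_logs(SAMPLE_LOGS):
        print(f"{ip}: gourl={payload!r}")
```

Only the three encoded lines are reported; the benign relative path is not.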
