CVE-2025-56304
📋 TL;DR
This cross-site scripting (XSS) vulnerability in YzmCMS lets an attacker inject script through the HTTP Referer header sent with a request to the user registration page: the header value is echoed into the page without adequate output encoding. A successful attack runs in the victim's browser in the context of the site and can enable session hijacking, credential theft or website defacement. According to this advisory, YzmCMS installations up to and including version 7.3 with user registration enabled are affected.
💻 Affected Systems
- YzmCMS
📦 What is this software?
YzmCMS is a PHP-based content management system developed and distributed by the YzmCMS project (yzmcms.com).
⚠️ Risk & Real-World Impact
Worst Case
Takeover of an administrator account via a stolen session if an admin can be lured to the registration page with a crafted Referer, leading to full website compromise, data exfiltration, or malware distribution to visitors.
Likely Case
Session hijacking of logged-in users, credential theft through injected phishing content, or website defacement that damages user trust.
If Mitigated
With contextual output encoding of the Referer value (or with the value not echoed at all), injected markup renders as inert text and the issue is reduced to a harmless reflection.
🎯 Exploit Status
The Referer header is set by the page the victim navigates from, so the attacker hosts a page whose URL carries the payload and lures a victim into following a link from it to the registration page; no account on the target is needed to trigger the flaw. In practice browsers percent-encode characters such as angle brackets in the Referer and may omit the header under a restrictive Referrer-Policy, so real-world exploitability depends on how the application decodes and echoes the value.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 7.4 or later
Vendor Advisory: https://www.yzmcms.com/
Restart Required: No
Instructions:
1. Back up your current installation (files and database).
2. Download YzmCMS 7.4 or later from the official website.
3. Replace the affected files with the patched versions.
4. Clear template and page caches (and the PHP opcode cache, if one is enabled).
5. Test the registration functionality, including the verification steps below.
🔧 Temporary Workarounds
Input Validation for Referer Header
Add server-side handling of the Referer header before it is processed or echoed.
The advisory suggests validating the header in the registration controller with the regex /^[a-zA-Z0-9\-\.\/\?\=\&\_]+$/. As written, that class does not allow ':' and so rejects every ordinary https:// referer; if you take the allowlist route, include ':' and '%' (for percent-encoded characters), for example /^[A-Za-z0-9:\/\.\-_?=&%]+$/, and fall back to an empty value when the header fails the check. Allowlisting is a stop-gap only: the durable control is HTML-encoding the value at the point of output (PHP's htmlspecialchars() with ENT_QUOTES) or not echoing the Referer at all.
Disable User Registration
Temporarily disable user registration if it is not required.
Edit the configuration to disable registration: $config['user_reg'] = 0; (confirm the key name in your installation's configuration file before relying on it).
🧯 If You Can't Patch
- Deploy WAF rules that inspect the Referer header on the registration endpoint for script tags, javascript: URLs and inline event handlers, including percent-encoded and mixed-case variants
- Add a Content Security Policy that disallows inline scripts (no 'unsafe-inline' in script-src) so a reflected tag cannot execute even if the reflection remains
🔍 How to Verify
Check if Vulnerable:
Request the registration page with a Referer header that carries a unique marker inside a tag (the advisory uses <script>alert('XSS')</script>) and inspect the raw HTML response for the unencoded tag. Do not rely only on a popup: a CSP or browser-side filter can suppress the alert while the reflection is still present.
Check Version:
Check the YzmCMS version in the admin panel or in the version metadata of the page source; versions up to and including 7.3 are affected according to this advisory.
Verify Fix Applied:
Repeat the same test after patching: the response must contain the Referer value HTML-encoded (&lt;script&gt; rather than <script>) or not at all, and nothing should execute.
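As an added example (not code from the advisory or from the YzmCMS project), the following Python script performs the check just described and classifies the raw response instead of waiting for a popup. The registration path (/member/register) and the attacker origin are assumptions; adjust the path to your installation. Running it against a live host needs network access and authorisation; the sample_bodies() function supplies constructed responses so the classification logic can be exercised offline.

```python
# Added example (not code from the advisory or from YzmCMS): issue the Referer
# probe described above and decide from the raw response whether the value was
# echoed unencoded.  REGISTER_PATH and ATTACKER_ORIGIN are assumptions.
import html
import secrets
import urllib.request

REGISTER_PATH = "/member/register"            # assumption: adjust to your installation
ATTACKER_ORIGIN = "https://attacker.example"  # placeholder origin carried in the Referer


def make_marker() -> str:
    """Random token so a hit cannot come from static page content."""
    return "xss" + secrets.token_hex(4)


def build_payload(marker: str) -> str:
    """A script tag that only holds a comment: inert, but still a tag."""
    return f"<script>/*{marker}*/</script>"


def build_probe(base_url: str, marker: str) -> urllib.request.Request:
    """GET the registration page with the payload carried in the Referer header."""
    return urllib.request.Request(
        base_url.rstrip("/") + REGISTER_PATH,
        headers={
            "Referer": f"{ATTACKER_ORIGIN}/{build_payload(marker)}",
            "User-Agent": "referer-xss-probe",
        },
    )


def classify_reflection(body: str, marker: str) -> str:
    """One of: vulnerable, encoded, reflected-altered, not-reflected."""
    payload = build_payload(marker)
    if payload in body:
        return "vulnerable"          # tag reaches the HTML verbatim
    if html.escape(payload) in body:
        return "encoded"             # &lt;script&gt;...: inert in HTML context
    if marker in body:
        return "reflected-altered"   # partially sanitised (tags stripped?): review by hand
    return "not-reflected"


def check(base_url: str, timeout: float = 10.0) -> str:
    """Send the probe and classify the live response.  Needs network access."""
    marker = make_marker()
    with urllib.request.urlopen(build_probe(base_url, marker), timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify_reflection(body, marker)


def sample_bodies(marker: str) -> dict:
    """Constructed responses (not captured from a real instance) for offline demonstration."""
    payload = build_payload(marker)
    return {
        "unpatched": f'<input type="hidden" name="forward" value="{ATTACKER_ORIGIN}/{payload}">',
        "patched": f'<input type="hidden" name="forward" value="{ATTACKER_ORIGIN}/{html.escape(payload)}">',
        "stripped": f'<input type="hidden" name="forward" value="{ATTACKER_ORIGIN}/{marker}">',
    }


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(check(sys.argv[1]))    # e.g. python probe.py https://cms.example
    else:
        m = make_marker()
        for name, body in sample_bodies(m).items():
            print(f"{name}: {classify_reflection(body, m)}")
```

A "reflected-altered" result means the marker came back but the tag did not, which usually indicates tag stripping rather than encoding; that is worth a manual look, since blacklist-style stripping is often bypassable.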
📡 Detection & Monitoring
Log Indicators:
- Referer headers on registration requests containing tags, javascript: URLs or event-handler attributes, in plain or percent-encoded form
- Multiple failed registration attempts with similar referer patterns
Network Indicators:
- Requests to the registration endpoint whose Referer does not look like a URL or contains markup
- Victim browsers contacting unfamiliar external domains immediately after loading the registration page (possible exfiltration of session tokens)
SIEM Query:
source="web_logs" AND uri="/register" AND (referer CONTAINS "<script>" OR referer CONTAINS "%3Cscript")
(Pseudo-syntax: field names and the registration URI depend on your SIEM and installation. Match case-insensitively and include percent-encoded and event-handler variants, since a plain "<script>" match misses them.)
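A literal "<script>" match misses percent-encoded and mixed-case payloads. As an added example (not part of the advisory or of YzmCMS), this Python script applies the log indicators above to access-log lines in NCSA combined format, percent-decoding the Referer before matching. The registration paths and all log lines are constructed for illustration.

```python
# Added example (not from the advisory or from YzmCMS): apply the Referer
# indicators above to access logs in NCSA combined format.  The registration
# paths and the sample log lines are constructed for illustration.
import re
from urllib.parse import unquote

REGISTER_PATHS = {"/member/register", "/register"}   # assumption: adjust to your installation

# ip ident user [time] "METHOD uri PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Matched after decoding, case-insensitively: tags, javascript: URLs,
# common inline handlers, and quote-then-bracket attribute breakouts.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body|a|input|style)\b"
    r"|javascript\s*:"
    r"|\bon(load|error|click|mouseover|focus|blur|toggle|animationstart)\s*="
    r"""|["']\s*>""",
    re.IGNORECASE,
)


def normalise(value: str) -> str:
    """Percent-decode until stable (bounded), so %3C and %253C both become '<'."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_suspicious_referer(referer: str) -> bool:
    return referer != "-" and bool(SUSPICIOUS.search(normalise(referer)))


def scan(lines):
    """Return (ip, time, decoded_referer) for registration requests with a hostile Referer."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        path = rec["uri"].split("?", 1)[0]
        if path in REGISTER_PATHS and is_suspicious_referer(rec["referer"]):
            hits.append((rec["ip"], rec["time"], normalise(rec["referer"])))
    return hits


# Constructed sample log (not from a real server).  Only the first two lines fire:
# an encoded <script> tag, and an uppercase <IMG ... onerror=...> that a plain
# "<script>" match would miss.  Line 4 is hostile but not on the registration path.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:12:00:01 +0000] "GET /member/register HTTP/1.1" 200 5120 '
    '"https://attacker.example/%3Cscript%3Ealert(1)%3C/script%3E" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2025:12:00:05 +0000] "POST /member/register HTTP/1.1" 302 0 '
    '"https://attacker.example/<IMG SRC=x onerror=alert(1)>" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2025:12:01:00 +0000] "GET /member/register?lang=en HTTP/1.1" 200 5120 '
    '"https://www.example.com/news/?id=42&page=2" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2025:12:02:00 +0000] "GET /index.php HTTP/1.1" 200 800 '
    '"https://attacker.example/<script>" "Mozilla/5.0"',
    '192.0.2.1 - - [10/Mar/2025:12:03:00 +0000] "GET /member/register HTTP/1.1" 200 5120 '
    '"-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, when, ref in scan(SAMPLE_LOG):
        print(f"{when} {ip} {ref}")
```

Feed real log files through scan() line by line; the decoded Referer in each hit is what to pivot on when hunting for the attacker's landing page and for other victims who arrived from it.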