📦 Yzmcms

by Yzmcms

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2022-23383

CRITICAL CVSS 9.1 Mar 10, 2022

CVE-2022-23383 is an authentication bypass vulnerability in YzmCMS v6.3 that allows unauthenticated attackers to access other users' personal home pages without proper login verification. This affects...

CVE-2024-28725

HIGH CVSS 7.1 May 6, 2024

This Cross-Site Scripting (XSS) vulnerability in YzmCMS 7.0 allows attackers to inject malicious scripts through Ads Management, Carousel Management, and System Settings modules. When exploited, it en...

CVE-2020-23595

HIGH CVSS 8.8 Aug 11, 2023

A Cross-Site Request Forgery (CSRF) vulnerability in YzmCMS version 5.6 allows attackers to trick authenticated administrators into performing unauthorized actions via the sitemodel/add.html endpoint....

CVE-2022-23888

HIGH CVSS 8.8 Jan 28, 2022

CVE-2022-23888 is a Cross-Site Request Forgery (CSRF) vulnerability in YzmCMS v6.3 that allows attackers to trick authenticated users into performing unintended actions via the comment component. This...

CVE-2020-19951

HIGH CVSS 8.8 Sep 23, 2021

This CSRF vulnerability in YzmCMS v5.5 allows attackers to trick authenticated users into performing unintended actions by submitting malicious requests. Attackers could potentially modify payment set...

CVE-2020-20341

HIGH CVSS 7.5 Sep 1, 2021

YzmCMS v5.5 contains a server-side request forgery (SSRF) vulnerability in the grab_image() function that allows attackers to make arbitrary HTTP requests from the vulnerable server. This can lead to ...

CVE-2020-35970

HIGH CVSS 7.5 Jun 3, 2021

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in YzmCMS 5.8's background collection management feature. It allows authenticated attackers to read arbitrary files from the serve...

CVE-2025-56304

MEDIUM CVSS 6.1 Sep 23, 2025

This cross-site scripting (XSS) vulnerability in YzmCMS allows attackers to inject malicious scripts via the referer header during user registration. When exploited, it can enable session hijacking, c...

CVE-2025-3397

MEDIUM CVSS 4.3 Apr 8, 2025

This vulnerability allows attackers to inject malicious scripts via the 'gourl' parameter in YzmCMS 7.1's message.tpl file, leading to cross-site scripting (XSS). Attackers can execute arbitrary JavaS...

CVE-2024-35110

MEDIUM CVSS 5.5 May 17, 2024

A reflected cross-site scripting (XSS) vulnerability in YzmCMS 7.1 allows attackers to steal session cookies from logged-in users. When authenticated users click malicious links containing crafted pay...