Yzmcms: community verdicts
3 notable / known-exploited Yzmcms CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Yzmcms CVE, see NVD ↗.
- CVE-2022-23383CRIT 9.1Real · low riskEPSS 1%
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out.
- CVE-2021-36712MED 5.4EPSS 0%
Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function.
- CVE-2025-56304MED 6.1EPSS 0%
Cross-site scripting (XSS) vulnerability in YzmCMS thru 7.3 via the referer header in the register page.