CVE-2025-5383 MEDIUM

CVE-2025-5383: Yifang CMS Article Management Module cross site scripting

Vendor Yifang

Product CMS

Weakness CWE-79 · XSS

Published May 31, 2025

Last update June 2, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

May 31, 2025 CVE published

June 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-5383

Related vulnerabilities

04Related CVE

CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names CVE-2023-45758 WordPress Amministrazione Trasparente Plugin <= 8.0.2 is vulnerable to Cross Site Scripting (XSS) CVE-2026-27376 WordPress Claue - Clean, Minimal Elementor WooCommerce Theme theme <= 2.2.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-2906 Contempo Real Estate Core <= 3.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-58297 PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects

Identifiers

CVE CVE-2025-5383

CWE CWE-79

CVSS 4.8 / MEDIUM

Affected versions

Vendor Yifang

Product CMS

Affected 2.0.0

Vendor Yifang

Product CMS

Affected 2.0.1

Vendor Yifang

Product CMS

Affected 2.0.2