CVE-2026-15202 | YzmCMS up to 7.5 Header /yzmphp/yzmphp.php get_url HTTP_HOST cross site scripting

SecurityVulns

A vulnerability was found in YzmCMS up to 7.5. It has been classified as problematic. Affected is the function get_url of the file /yzmphp/yzmphp.php of the component Header Handler. The manipulation of the argument HTTP_HOST leads to cross site scripting.

This vulnerability is listed as CVE-2026-15202. The attack may be initiated remotely. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More