Huuuz

**Name of the Vulnerable Software and Affected Versions** YiiCMS versions 1.2.0 and prior YiiCMS version 1.0 **Description** The issue allows a remote attacker to execute arbitrary code via the news function, which is affected by a Cross Site Scripting vulnerability. **Recommendations** For YiiCMS versions 1.2.0 and prior, update to a version later than 1.2.0 to resolve the issue. For YiiCMS version 1.0, update to a version later than 1.0 to resolve the issue. As a temporary workaround, consider restricting access to the news function until a patch is available.