CVE-2019-9570

Name of the Vulnerable Software and Affected Versions YzmCMS version 5.2.0

Description An issue was discovered that allows XSS via the bottom text field to the "admin/system manage/save.html" URI, related to the site code parameter.

Recommendations For YzmCMS version 5.2.0, as a temporary workaround, consider restricting access to the "admin/system manage/save.html" URI until a patch is available. Avoid using the site code parameter in this URI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.