CVE-2021-36712

Name of the Vulnerable Software and Affected Versions yzmcms version 6.1

Description The issue allows attackers to steal user cookies via the image clipping function, which is affected by a Cross Site Scripting (XSS) vulnerability. This can potentially lead to unauthorized access to user accounts.

Recommendations For yzmcms version 6.1, consider disabling the image clipping function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to sensitive user data to minimize the risk of cookie theft. At the moment, there is no information about a newer version that contains a fix for this vulnerability.