Chengyizhou147

**Name of the Vulnerable Software and Affected Versions** YFCMF version 2.3.1 **Description** The issue is related to a stored XSS vulnerability located in the comments section of the news page. **Recommendations** For YFCMF version 2.3.1, consider disabling the comments section of the news page until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** YFCMF version 2.3.1 **Description** The issue is related to a Remote Command Execution (RCE) vulnerability. It affects the index.php file. **Recommendations** For YFCMF version 2.3.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.