Hackxiaofeng

Name of the Vulnerable Software and Affected Versions: YzmCMS version 5.8 Description: A storage XSS issue allows attackers to inject JS code, enabling malicious XSS attacks on the "/admin/system manage/user config edit.html" API endpoint. This can be exploited to execute unauthorized actions. Recommendations: For YzmCMS version 5.8, as a temporary workaround, consider restricting access to the "/admin/system manage/user config edit.html" page until a patch is available. Avoid using this page for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: YzmCMS version 5.8 Description: An issue was discovered that allows for a CSRF vulnerability, enabling the addition of member user accounts via the "member/member/add.html" API endpoint. The estimated number of potentially affected devices worldwide is not available. Recommendations: For YzmCMS version 5.8, as a temporary workaround, consider restricting access to the "member/member/add.html" API endpoint until a patch is available. Avoid using this endpoint to add new member user accounts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.