R0Code

#43058 of 53,612
6.1 total CVSS
Vulnerabilities · 1
PT-2018-14804
6.1
2018-11-07
Yzmcms · Yzmcms · CVE-2018-19092
**Name of the Vulnerable Software and Affected Versions**

YzmCMS version 5.2

**Description**

The issue is related to a Cross-Site Scripting (XSS) problem. It occurs via a query string in the `search/index/archives/pubtime/` endpoint, as shown in the `search/index/archives/pubtime/1526387722/page/1.html` URI. This issue does not allow access to a user's cookie.

**Recommendations**

For YzmCMS version 5.2, consider restricting access to the `search/index/archives/pubtime/` endpoint to minimize the risk of exploitation. Avoid using the `pubtime` query string in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.