Yii · Yii2-Cms · CVE-2019-16130
**Name of the Vulnerable Software and Affected Versions**
YII2-CMS version 1.0
**Description**
The issue is a Cross-Site Scripting (XSS) vulnerability located in the `protected\core\modules\home\models\Contact.php` file, specifically in the `name` field. The field can be exploited through the "/contact.html" endpoint.
**Recommendations**
For YII2-CMS version 1.0, as a temporary workaround, consider validating and sanitizing the `name` field in the Contact.php file to prevent XSS attacks. Restrict access to the "/contact.html" endpoint until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
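One way to apply the workaround above, shown as an added example that is not YII2-CMS's own code: a Yii2 form model that allow-lists the `name` field and HTML-encodes it at output time. The class name `ContactForm`, the `email` and `body` attributes, the length limits and the pattern are assumptions; only the `name` field comes from the advisory.

```php
<?php
// Added example: hypothetical hardened contact model, not the project's Contact.php.
namespace app\models;

use yii\base\Model;
use yii\helpers\Html;

class ContactForm extends Model // class name is an assumption
{
    public $name;
    public $email; // assumed attribute
    public $body;  // assumed attribute

    public function rules()
    {
        return [
            // Normalise first so later validators see the trimmed value.
            [['name', 'email'], 'filter', 'filter' => 'trim'],
            [['name', 'email', 'body'], 'required'],
            // Bound the length so oversized input is rejected early.
            ['name', 'string', 'max' => 64],
            // Allow-list: letters, combining marks, digits, space and . ' - only,
            // which leaves no room for <, >, ", & or = in the stored value.
            ['name', 'match', 'pattern' => '/^[\p{L}\p{M}\p{N} .\'\-]+$/u',
                'message' => 'Name contains characters that are not allowed.'],
            ['email', 'email'],
            ['body', 'string', 'max' => 2000],
        ];
    }

    /**
     * Encode at output time. Validation narrows the input, but encoding is
     * what keeps a stored value from being parsed as markup in the page.
     */
    public function getSafeName()
    {
        return Html::encode($this->name);
    }
}

// Constructed sample input: a name value carrying HTML markup.
$form = new ContactForm();
$form->load(['name' => '<b>Alice</b>', 'email' => 'alice@example.com', 'body' => 'Hello'], '');
var_dump($form->validate());        // whether the allow-list accepted the value
var_dump($form->getErrors('name')); // validation messages recorded for `name`
echo $form->getSafeName(), PHP_EOL; // the value as it is safe to place in HTML text
```

In views, the same encoding applies wherever the value is printed, for example `<?= Html::encode($model->name) ?>`, including admin pages that list submitted contact messages.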