CVE-2020-35971

Name of the Vulnerable Software and Affected Versions: YzmCMS version 5.8

Description: A storage XSS issue allows attackers to inject JS code, enabling malicious XSS attacks on the "/admin/system manage/user config edit.html" API endpoint. This can be exploited to execute unauthorized actions.

Recommendations: For YzmCMS version 5.8, as a temporary workaround, consider restricting access to the "/admin/system manage/user config edit.html" page until a patch is available. Avoid using this page for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.