Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the "referer" field of a POST request to the component "/member/index/login.html" when logging in.

In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.

An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections.

admin/urlrule/add.html in YzmCMS 5.3 allows CSRF with a resultant denial of service by adding a superseding route.

YzmCMS 5.1 has XSS via the admin/system_manage/user_config_add.html title parameter.

Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html "catname" parameter.

Stored XSS exists in YzmCMS 5.2 via the admin/system_manage/user_config_edit.html "value" parameter,

An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.

YzmCMS v5.2 has admin/role/add.html CSRF.

An issue was discovered in YzmCMS 5.2. XSS exists via the admin/content/search.html searinfo parameter.