CVE ID:

CVE-2019-5310

Details:

YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.

References:

:https://github.com/doublefast/yunucms/issues/6

ZeroDayLab Assigned Tags:

CROSS SITE SCRIPTING - What is Cross Site Scripting?