Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.
Advisories for Composer/Sheng/Yiicms package
2023