Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to execute arbitrary code by injecting commands into the «referer» field of a POST request to the component «/member/index/login.html» when logging in.
