In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page.
yfcmf yfcmf 2.3.1