| عنوان | YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adManage.php name paramet |
|---|
| الوصف | A cross-site scripting (XSS) vulnerability exists in the name parameter of the /admin/adManage interface in the extended management module of yifangCMS version 2.0.5, which controls the ad list functionality. This stored XSS vulnerability arises because the name field is directly stored in the database without any filtering in the update() method of app/db/admin/D_adManage.php. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad list. |
|---|
| المصدر | ⚠️ https://github.com/ZZCTD/CVE/issues/4 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 10/02/2026 12:20 PM (4 أشهر منذ) |
|---|
| الاعتدال | 21/02/2026 09:08 AM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 347279 [YiFang CMS حتى 2.0.5 Extended Management D_adManage.php update الأسم البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|