إرسال #755296: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLinkGroup.php nameالمعلومات

عنوانYiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLinkGroup.php name
الوصفA cross-site scripting (XSS) vulnerability exists in the `name` parameter of the `/admin/friendLinkGroup` interface in the extended management module of yifangCMS version 2.0.5, which manages the friend links. This stored XSS vulnerability arises because the `name` field is directly stored in the database without any filtering in the `update()` method of `app/db/admin/D_friendLinkGroup.php`. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad placement list.
المصدر⚠️ https://github.com/ZZCTD/CVE/issues/5
المستخدم
 Anonymous User
ارسال10/02/2026 12:34 PM (4 أشهر منذ)
الاعتدال21/02/2026 09:08 AM (11 days later)
الحالةتمت الموافقة
إدخال VulDB347280 [YiFang CMS حتى 2.0.5 Extended Management D_friendLinkGroup.php update الأسم البرمجة عبر المواقع]
النقاط20

التالي نظرة عامة السابق

Interested in the pricing of exploits?

See the underground prices here!