| Titel | YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLinkGroup.php name |
|---|
| Beschreibung | A cross-site scripting (XSS) vulnerability exists in the `name` parameter of the `/admin/friendLinkGroup` interface in the extended management module of yifangCMS version 2.0.5, which manages the friend links. This stored XSS vulnerability arises because the `name` field is directly stored in the database without any filtering in the `update()` method of `app/db/admin/D_friendLinkGroup.php`. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad placement list. |
|---|
| Quelle | ⚠️ https://github.com/ZZCTD/CVE/issues/5 |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 10.02.2026 12:34 (vor 4 Monaten) |
|---|
| Moderieren | 21.02.2026 09:08 (11 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 347280 [YiFang CMS bis 2.0.5 Extended Management D_friendLinkGroup.php update Name Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|