| Titel | YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLink.php |
|---|
| Beschreibung | A cross-site scripting (XSS) vulnerability exists in the linkName parameter of the /admin/friendLink interface in the extended management module of yifangCMS version 2.0.5. This stored XSS vulnerability arises because the linkName field is directly stored in the database without any filtering in the update() method of app/db/admin/D_friendLink.php. An attacker can submit malicious XSS scripts and trigger the XSS vulnerability when accessing friend links. |
|---|
| Quelle | ⚠️ https://github.com/ZZCTD/CVE/issues/6 |
|---|
| Benutzer | Anonymous User |
|---|
| Einreichung | 25.02.2026 11:30 (vor 2 Monaten) |
|---|
| Moderieren | 07.03.2026 21:12 (10 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 349719 [YiFang CMS 2.0.5 D_friendLink.php update linkName Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|