| 제목 | YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adManage.php name paramet |
|---|
| 설명 | A cross-site scripting (XSS) vulnerability exists in the name parameter of the /admin/adManage interface in the extended management module of yifangCMS version 2.0.5, which controls the ad list functionality. This stored XSS vulnerability arises because the name field is directly stored in the database without any filtering in the update() method of app/db/admin/D_adManage.php. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad list. |
|---|
| 원천 | ⚠️ https://github.com/ZZCTD/CVE/issues/4 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2026. 02. 10. PM 12:20 (4 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 21. AM 09:08 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 347279 [YiFang CMS 까지 2.0.5 Extended Management D_adManage.php update 이름 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|