| Title | YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLink.php |
|---|---|
| Description | A cross-site scripting (XSS) vulnerability exists in the linkName parameter of the /admin/friendLink interface in the extended management module of yifangCMS version 2.0.5. This stored XSS vulnerability arises because the linkName field is directly stored in the database without any filtering in the update() method of app/db/admin/D_friendLink.php. An attacker can submit malicious XSS scripts and trigger the XSS vulnerability when accessing friend links. |
| Source | https://github.com/ZZCTD/CVE/issues/6 |
| User | Anonymous User |
| Submission | 2026-02-25 11:30 AM (2 months ago) |
| Moderation | 2026-03-07 09:12 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 349719 [YiFang CMS 2.0.5 D_friendLink.php update linkName cross site scripting] |
| Points | 20 |