Submeter #755295: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adManage.php name parametinformação

TítuloYiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adManage.php name paramet
DescriçãoA cross-site scripting (XSS) vulnerability exists in the name parameter of the /admin/adManage interface in the extended management module of yifangCMS version 2.0.5, which controls the ad list functionality. This stored XSS vulnerability arises because the name field is directly stored in the database without any filtering in the update() method of app/db/admin/D_adManage.php. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad list.
Fonte⚠️ https://github.com/ZZCTD/CVE/issues/4
Utilizador
 Anonymous User
Submissão10/02/2026 12h20 (há 4 meses)
Moderação21/02/2026 09h08 (11 days later)
EstadoAceite
Entrada VulDB347279 [YiFang CMS até 2.0.5 Extended Management D_adManage.php update Nome Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!