Submeter #755296: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLinkGroup.php nameinformação

TítuloYiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLinkGroup.php name
DescriçãoA cross-site scripting (XSS) vulnerability exists in the `name` parameter of the `/admin/friendLinkGroup` interface in the extended management module of yifangCMS version 2.0.5, which manages the friend links. This stored XSS vulnerability arises because the `name` field is directly stored in the database without any filtering in the `update()` method of `app/db/admin/D_friendLinkGroup.php`. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad placement list.
Fonte⚠️ https://github.com/ZZCTD/CVE/issues/5
Utilizador
 Anonymous User
Submissão10/02/2026 12h34 (há 4 meses)
Moderação21/02/2026 09h08 (11 days later)
EstadoAceite
Entrada VulDB347280 [YiFang CMS até 2.0.5 Extended Management D_friendLinkGroup.php update Nome Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!