Submeter #793352: yifang yifangcms 2.0.5 Cross Site Scriptinginformação

Títuloyifang yifangcms 2.0.5 Cross Site Scripting
DescriçãoYiFangCMS - Cross Site Scripting on plugins/yifang_backend_account/logic/admin/L_rbac_admin.php account parameter A cross-site scripting (XSS) vulnerability exists in the name parameter of the /admin/yifang_backend_account/rbacAdmin interface in the extended management module of yifangCMS version 2.0.5, which is a permission management - user list feature. This stored XSS vulnerability arises because the account field is directly stored in the database without any filtering in the store() method of plugins/yifang_backend_account/logic/admin/L_rbac_admin.php. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the permission management - user list
Fonte⚠️ https://github.com/shiyifei999-ux/cve/issues/1
Utilizador
 shiyifei (UID 96935)
Submissão31/03/2026 05h23 (há 21 dias)
Moderação19/04/2026 21h12 (20 days later)
EstadoAceite
Entrada VulDB358267 [Yifang CMS até 2.0.5 Extended Management L_rbac_admin.php store Conta Script de Site Cruzado]
Pontos20

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!