Submit #755281: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adPosition.php name param

Title: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adPosition.php name param
Description: A cross-site scripting (XSS) vulnerability exists in the `name` parameter of the `/admin/adPosition/update` interface in the extended management module of yifangCMS version 2.0.5, which controls the ad placement list. This stored XSS vulnerability arises because the `name` field is directly stored in the database without any filtering in the `update()` method of `D_adPosition.php`. An attacker can submit malicious XSS scripts and trigger the vulnerability when accessing the ad placement list.
Source: https://github.com/ZZCTD/CVE/issues/2
User: Anonymous User
Submission: 02/10/2026 11:48 (4 months ago)
Moderation: 02/21/2026 09:08 (11 days later)
Status: Accepted
VulDB entry: 347278 [YiFang CMS up to 2.0.5 Extended Management D_adPosition.php update name/index cross site scripting]
Points: 20
