| Title | YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_adManage.php name paramet |
|---|
| Description | A cross-site scripting (XSS) vulnerability exists in the name parameter of the /admin/adManage interface in the extended management module of yifangCMS version 2.0.5, which controls the ad list functionality. This stored XSS vulnerability arises because the name field is directly stored in the database without any filtering in the update() method of app/db/admin/D_adManage.php. An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad list. |
|---|
| Source | ⚠️ https://github.com/ZZCTD/CVE/issues/4 |
|---|
| User | Anonymous User |
|---|
| Submission | 02/10/2026 12:20 (4 months ago) |
|---|
| Moderation | 02/21/2026 09:08 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347279 [YiFang CMS up to 2.0.5 Extended Management D_adManage.php update Name cross site scripting] |
|---|
| Points | 20 |
|---|