CVE-2026-3741

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Version 2.0.5 of Yifang CMS has a code injection vulnerability. This vulnerability stems from the handling of the parameter linkName in the file DfriendLink.php, which may lead to cross-site...

NexusPHP Cross-Site Request Forgery Vulnerability (CNVD-2018-10475)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. Multiple cross-site request forgery vulnerabilities exist in NexusPHP version 1.5. A remote attacker can exploit this vulnerability to perform unauthorized operations with the help of 'linkname'...

CVE-2017-12792

Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...