4 matches found
CVE-2026-3743
A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...
CVE-2026-3743
A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/DsinglePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used...
CVE-2026-2934
YiFang CMS (up to 2.0.5) is affected in the Extended Management Module by a vulnerability in the update function of file app/db/admin/D_friendLinkGroup.php. The issue arises from manipulation of the Name parameter, enabling cross site scripting (XSS). Attacks can be initiated remotely, and public...
CVE-2026-2932 YiFang CMS Extended Management D_adPosition.php update cross site scripting
A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/DadPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting. The attack is...