CVE-2026-2932
Remote XSS in YiFang CMS Extended Management Module
Publication date: 2026-02-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yifangcms | yifang | to 2.0.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2026-2932 is a stored Cross-Site Scripting (XSS) vulnerability found in YiFang CMS version 2.0.5, specifically in the Extended Management Module's ad placement update functionality."}, {'type': 'paragraph', 'content': "The vulnerability exists because the 'name' and 'index' parameters in the /admin/adPosition/update interface are stored directly into the database without any input filtering or sanitization."}, {'type': 'paragraph', 'content': 'An attacker can exploit this by injecting malicious JavaScript code into these parameters, which is then stored persistently. When a user later accesses the ad placement list, the malicious script executes in their browser, leading to a stored XSS attack.'}, {'type': 'paragraph', 'content': 'This flaw allows remote attackers to inject and execute arbitrary scripts, potentially compromising user sessions or performing other malicious actions.'}] [1, 2, 3, 4, 5]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': "This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in the context of your users' browsers when they access the affected ad placement list."}, {'type': 'list_item', 'content': 'Attackers can hijack user sessions, steal sensitive information, or perform actions on behalf of the user.'}, {'type': 'list_item', 'content': 'It can lead to defacement of the web interface or injection of malicious content.'}, {'type': 'list_item', 'content': 'Since the exploit is publicly available and the attack can be performed remotely, the risk of exploitation is significant if the system is not patched or mitigated.'}] [1, 2, 3, 4, 5]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by monitoring and testing the /admin/adPosition/update interface of YiFang CMS version 2.0.5 for improper input sanitization in the 'name' and 'index' parameters. An effective detection method involves sending crafted POST requests with malicious JavaScript payloads in these parameters and observing if the payload is stored and executed when accessing the ad placement list."}, {'type': 'paragraph', 'content': "One practical approach is to perform a POST request to the endpoint /admin/adPosition/update?callback=ajaxRs with payloads such as '1111<svg onload=alert(1)>11' in the 'name' parameter or 'ad_index<svg onload=alert(1)>' in the 'index' parameter. If the payload executes upon viewing the ad placement list, the system is vulnerable."}, {'type': 'paragraph', 'content': "Additionally, attackers or defenders can use Google dorking to identify potentially vulnerable targets by searching for URLs containing 'inurl:app/db/admin/D_adPosition.php'."}, {'type': 'paragraph', 'content': 'Example curl command to test the vulnerability (replace URL and authentication as needed):'}, {'type': 'list_item', 'content': "curl -X POST 'http://target-site/admin/adPosition/update?callback=ajaxRs' -F 'name=1111<svg onload=alert(1)>11' -F 'other_required_fields=values'"}, {'type': 'paragraph', 'content': 'After sending the payload, access the ad placement list page to check if the alert or injected script executes, indicating the presence of the stored XSS vulnerability.'}] [3, 5, 4]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the vulnerable update interface to trusted and authenticated users only, as exploitation requires some level of authentication.'}, {'type': 'paragraph', 'content': "Since the vulnerability arises from improper input sanitization and lack of filtering on the 'name' and 'index' parameters, applying input validation and sanitization on these parameters before storing them in the database is critical."}, {'type': 'paragraph', 'content': "If possible, disable or restrict the Extended Management Module's update functionality until a patch or fix is applied."}, {'type': 'paragraph', 'content': 'Monitor and audit logs for suspicious POST requests to /admin/adPosition/update that contain suspicious payloads.'}, {'type': 'paragraph', 'content': 'As no official patches or mitigations have been published, consider replacing or upgrading the affected component or product to a version without this vulnerability.'}] [4]