CVE-2026-2933
Cross-Site Scripting in YiFang CMS Extended Management Module
Publication date: 2026-02-22
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yifangcms | yifang | up to 2.0.5 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2933 is a stored Cross-Site Scripting (XSS) vulnerability found in YiFang CMS version 2.0.5, specifically in the Extended Management Module's update function located in the file app/db/admin/D_adManage.php.

The vulnerability arises because the "name" parameter is directly stored in the database without any input filtering or sanitization in the update() method. This allows an attacker to submit malicious script code, such as <svg onload=alert(1)>, which is then stored persistently.

When the ad list page is accessed, the stored malicious script executes in the victim's browser, leading to a cross-site scripting attack.

This flaw is due to improper neutralization of user-controllable input and affects the integrity of the application by allowing arbitrary JavaScript execution. [1, 2, 3]

How can this vulnerability impact me?

This vulnerability can be exploited remotely by an attacker who submits malicious scripts in the "name" parameter, which are then stored and executed in the browsers of users who view the affected ad list page.

- Execution of arbitrary JavaScript code in users' browsers.
- Potential session hijacking, allowing attackers to steal user credentials or impersonate users.
- Defacement or unauthorized modification of the web interface.
- Other malicious actions typical of stored XSS attacks, such as redirecting users to malicious sites or stealing sensitive information.

The attack requires some level of user interaction and successful authentication, but the exploit is publicly available, increasing the risk. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the "name" parameter of the /admin/adManage interface for stored cross-site scripting (XSS) payloads. Specifically, sending a POST request with a malicious script payload such as <svg onload=alert(1)> in the "name" field and then checking if the script executes when accessing the ad list page indicates the presence of the vulnerability.

Additionally, vulnerable targets can be identified using Google dorking with the query: inurl:app/db/admin/D_adManage.php

Example command to test the vulnerability using curl (replace URL and authentication as needed):

- curl -X POST -d "name=<svg onload=alert(1)>" "https://targetsite.com/admin/adManage?callback=ajaxRs"

After sending the payload, visit the ad list page to see if the script executes, confirming the vulnerability. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing or upgrading the affected component or product, as no known mitigations or countermeasures have been reported.

Since the vulnerability arises from lack of input filtering or sanitization on the "name" parameter, applying input validation and output encoding on this parameter can help prevent exploitation.

Restrict access to the vulnerable interface (/admin/adManage) to trusted users only, as exploitation requires authentication.

Monitor for suspicious activity and consider applying web application firewall (WAF) rules to detect and block malicious payloads targeting the "name" parameter. [2, 1]
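The input validation and output encoding recommended above for the "name" parameter, as an added example that is not YiFang CMS code: the function names validate_ad_name() and render_ad_name(), the allow-list and the 64-character limit are assumptions, since the project's update() method and list template are not shown on this page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers; the real update() in D_adManage.php and the ad list
// template are not reproduced here.

/**
 * Input validation, applied before the "name" value is written to the database.
 * Allow-list (assumed): Unicode letters and digits, space, and _ . , ( ) -
 * with a length of 1 to 64 characters. Returns null when the value is rejected.
 */
function validate_ad_name(string $raw): ?string
{
    $name = trim($raw);
    // With the /u flag preg_match() returns false on invalid UTF-8, so
    // anything other than exactly 1 is treated as a rejection.
    if (preg_match('/\A[\p{L}\p{N} _.,()\-]{1,64}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/**
 * Output encoding, applied where the ad list page writes a stored name into
 * HTML text or a quoted attribute. This is the control that neutralizes rows
 * saved before validation existed.
 */
function render_ad_name(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs: one ordinary name and the payload quoted above.
$samples = ['Spring banner (home)', '<svg onload=alert(1)>'];

foreach ($samples as $input) {
    $accepted = validate_ad_name($input) !== null;
    printf("input:    %s\n", $input);
    printf("validate: %s\n", $accepted ? 'accepted' : 'rejected');
    // Encode on output regardless of the validation result, because legacy
    // rows may already contain markup.
    printf("rendered: %s\n\n", render_ad_name($input));
}
```

Validation alone leaves previously stored payloads active, so the encoding step belongs in the list page even after the update path is fixed.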