CVE-2026-3741
Received - Intake
Remote Cross-Site Scripting in YiFang CMS update Function

Publication date: 2026-03-08

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-03-08
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-03-08
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor: yifangcms
Product: yifang
Version / Range: 2.0.5
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-3741 is a stored Cross-Site Scripting (XSS) vulnerability found in YiFang CMS version 2.0.5. It exists in the update function of the file app/db/admin/D_friendLink.php, specifically in the handling of the user-controllable parameter "linkName."

The vulnerability arises because the linkName input is taken directly from user input and stored in the database without any filtering or sanitization. This allows an attacker to inject malicious JavaScript code into the linkName parameter.

When users access the friend links feature, the stored malicious script executes in their browsers, leading to cross-site scripting attacks. The attack can be performed remotely and requires some user interaction.


How can this vulnerability impact me?

This vulnerability allows remote attackers to inject and execute arbitrary JavaScript code in the browsers of users who access the affected friend links feature in YiFang CMS.

The impact includes potential compromise of data integrity and user session hijacking, as malicious scripts can manipulate or steal sensitive information from users.

Because the malicious code is stored persistently in the database, every user who views the affected page may be exposed to the attack.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying instances of the vulnerable YiFang CMS 2.0.5, specifically by checking for the file app/db/admin/D_friendLink.php and its update function, which handles the linkName parameter.

One practical method to detect vulnerable targets is to use Google dorking with the query: inurl:app/db/admin/D_friendLink.php to find exposed endpoints.

Additionally, testing for the vulnerability can involve sending crafted POST requests to the /admin/friendLink interface with malicious payloads in the linkName parameter to check if the input is stored and executed, indicating the presence of the stored XSS.

  • Use Google dork: inurl:app/db/admin/D_friendLink.php
  • Send a POST request to /admin/friendLink?callback=ajaxRs with a payload like linkName=<svg onload=alert(1)> and observe if the script executes when accessing the friend links.

What immediate steps should I take to mitigate this vulnerability?

No known mitigations or countermeasures have been published for this vulnerability.

Consider replacing the affected component with an alternative product to avoid exposure.

As an immediate step, restrict access to the vulnerable admin interface and monitor for suspicious input or activity related to the linkName parameter.
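
One way to carry out the monitoring step above, as an added example that is not part of the original page or of YiFang CMS: a Python audit that flags stored or logged linkName values containing markup. The (row_id, linkName) row shape, the function names and the sample rows are assumptions; feed it values exported from your own database or request logs.

```python
import html
import re
from urllib.parse import unquote_plus

# A link's display name is plain text, so any of these is worth a review.
CHECKS = [
    ("html-tag", re.compile(r"</?[a-zA-Z]")),                # start of an element
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),  # onload=, onerror=, ...
    ("script-url", re.compile(r"\b(?:javascript|vbscript)\s*:", re.I)),
]

def normalize(value, rounds=3):
    """Undo up to `rounds` layers of URL and HTML-entity encoding."""
    for _ in range(rounds):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value

def findings(link_name):
    """Return the names of the checks that the decoded value trips."""
    text = normalize(link_name)
    return [name for name, pattern in CHECKS if pattern.search(text)]

def audit(rows):
    """rows: iterable of (row_id, linkName). Returns {row_id: [check names]}."""
    flagged = {}
    for row_id, link_name in rows:
        hits = findings(link_name)
        if hits:
            flagged[row_id] = hits
    return flagged

# Constructed sample data; row 2 is the probe string quoted on this page.
SAMPLE_ROWS = [
    (1, "Example Partner"),
    (2, "<svg onload=alert(1)>"),
    (3, "%3Csvg%20onload%3Dalert(1)%3E"),  # same value, URL-encoded as in a request log
    (4, "R&D Blog"),
]

if __name__ == "__main__":
    for row_id, hits in audit(SAMPLE_ROWS).items():
        print(f"friend link {row_id}: review ({', '.join(hits)})")
```

Because values are decoded before matching, a name that was stored already entity-encoded is flagged as well; treat that as a prompt to review the row, not as proof that it renders as script.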

