CVE-2026-3742
Remote XSS in YiFang CMS 2.0.5 update Function
Publication date: 2026-03-08
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yifangcms | yifang | 2.0.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3742 is a stored Cross-Site Scripting (XSS) vulnerability found in YiFang CMS version 2.0.5. It specifically affects the update function in the file app/db/admin/D_singlePage.php, where the "title" parameter is handled improperly.'}, {'type': 'paragraph', 'content': 'The vulnerability occurs because the "title" field is taken directly from user input and stored in the database without any filtering or sanitization. This allows an attacker to inject malicious JavaScript code into the title.'}, {'type': 'paragraph', 'content': 'When a user accesses the single-page list in the admin interface, the malicious script executes in their browser, leading to a stored XSS attack.'}, {'type': 'paragraph', 'content': 'The attack can be initiated remotely by sending a crafted POST request with malicious code in the title parameter. The vendor did not respond to early disclosure attempts, and no mitigation or countermeasures are currently known.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability allows an attacker to inject and execute arbitrary JavaScript code in the context of the affected YiFang CMS admin interface.
- An attacker can perform actions such as stealing session cookies, hijacking user accounts, or performing unauthorized actions on behalf of legitimate users.
- Because the malicious script is stored persistently, every time an authorized user accesses the affected page, the attack can be triggered.
- The vulnerability requires user interaction (an admin or user viewing the page) to execute, but it can be initiated remotely.
Due to the lack of vendor response and no known fixes, systems running YiFang CMS 2.0.5 remain exposed to exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for the presence of the vulnerable YiFang CMS version 2.0.5 and by identifying if the /admin/singlePage interface is accessible.'}, {'type': 'paragraph', 'content': 'One method to detect vulnerable targets is using Google Dorking with the query: inurl:app/db/admin/D_singlePage.php.'}, {'type': 'paragraph', 'content': 'Additionally, you can monitor network traffic or logs for POST requests to the endpoint /admin/singlePage?callback=ajaxRs containing suspicious payloads in the title parameter, such as JavaScript code snippets (e.g., <svg onload=alert(1)>).'}, {'type': 'paragraph', 'content': 'Example command to search for the vulnerable URL on your network or logs could be using grep or similar tools:'}, {'type': 'list_item', 'content': 'grep -r "/admin/singlePage" /var/log/nginx/access.log'}, {'type': 'list_item', 'content': 'grep -r "title=" /var/log/nginx/access.log | grep -E "<script|<svg"'}, {'type': 'paragraph', 'content': 'For active testing, a crafted POST request can be sent to the endpoint with a malicious title payload to verify if the system is vulnerable, but this should only be done in authorized testing environments.'}] [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Currently, no official mitigation or patch is available from the vendor for this vulnerability.
Immediate steps to mitigate the risk include:
- Restrict access to the /admin/singlePage interface to trusted administrators only, using network-level controls such as IP whitelisting or VPN.
- Implement Web Application Firewall (WAF) rules to detect and block malicious payloads targeting the title parameter in requests to /admin/singlePage.
- Avoid using YiFang CMS version 2.0.5 in production environments until a fix is released.
- Consider replacing YiFang CMS 2.0.5 with an alternative CMS product that is not vulnerable.
Monitoring logs for suspicious activity and educating administrators about the risk of XSS attacks can also help reduce exploitation chances.