CVE-2026-6633
Remote XSS in Yifang CMS Extended Management Module
Publication date: 2026-04-20
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yifang | cms | up to 2.0.5 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6633 is a stored Cross-Site Scripting (XSS) vulnerability found in YiFangCMS version 2.0.5, specifically in the extended management module's permission management user list feature.
The vulnerability exists in the handling of the 'account' parameter within the store() method of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php. This method processes user input without sanitizing or escaping HTML, allowing malicious scripts to be stored in the database.
An attacker can submit a malicious script payload via a POST request to the /admin/yifang_backend_account/rbacAdmin endpoint. This payload is stored and later executed when the permission management user list page is accessed, enabling arbitrary JavaScript execution in the context of the application.
How can this vulnerability impact me?
This stored XSS vulnerability can allow attackers to execute arbitrary JavaScript code within the context of the affected YiFangCMS application.
- Attackers can hijack user sessions, steal cookies, or perform actions on behalf of authenticated users.
- It can lead to defacement of the website or redirection to malicious sites.
- Sensitive information may be exposed or manipulated due to unauthorized script execution.
Since the exploit is publicly available and the vendor has not responded, the risk of exploitation is higher.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the /admin/yifang_backend_account/rbacAdmin endpoint for stored Cross-Site Scripting (XSS) in the account parameter.
A practical detection method is to send a crafted POST request with a malicious script payload in the account field and then check if the script is stored and executed when accessing the permission management user list page.
Example command using curl to test the vulnerability:
- `curl -X POST 'http://target-site/admin/yifang_backend_account/rbacAdmin' -F 'account=<script>alert(1)</script>'`
After sending this request, visit the permission management user list page to see if the alert box appears, indicating the presence of the stored XSS vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the stored Cross-Site Scripting (XSS) vulnerability in YiFangCMS affects compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid using or exposing the vulnerable /admin/yifang_backend_account/rbacAdmin interface until a patch or fix is available.
- Implement input validation and sanitization on the account parameter to prevent malicious scripts from being stored.
- Apply HTML escaping on all user-supplied input before storing or rendering it in the application.
- Restrict access to the affected module to trusted administrators only.
- Monitor logs and network traffic for suspicious POST requests targeting the vulnerable endpoint.
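As an added illustration of the validation and escaping steps above (this is not YiFangCMS's own code; the function names, the 32-character limit and the username alphabet are assumptions), a PHP handler in the shape of the described store() path that rejects markup in `account` on input and escapes the stored value when the user list is rendered:

```php
<?php
// Added illustration, not YiFangCMS code: a store()-style handler that
// validates the 'account' field and escapes it when rendering the user list.
declare(strict_types=1);

final class AccountValidationException extends RuntimeException {}

// Accept only a conservative username alphabet (assumed policy); anything
// containing angle brackets, quotes or other markup characters is rejected.
function validateAccount(string $account): string
{
    $account = trim($account);
    if ($account === '' || strlen($account) > 32) {
        throw new AccountValidationException('account must be 1-32 characters');
    }
    if (!preg_match('/^[A-Za-z0-9_.-]+$/', $account)) {
        throw new AccountValidationException('account contains disallowed characters');
    }
    return $account;
}

// Escape at render time: every user-controlled value that lands in HTML goes
// through this helper, whatever validation happened when it was stored.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Pattern the advisory describes: the stored value is echoed into the list unchanged.
function renderRowUnsafe(array $user): string
{
    return '<tr><td>' . $user['account'] . '</td></tr>';
}

// Hardened rendering: the stored value is escaped on output.
function renderRowSafe(array $user): string
{
    return '<tr><td>' . h($user['account']) . '</td></tr>';
}

// Constructed inputs: one new submission, and one row assumed to have been
// stored before validation existed (why output escaping is still required).
$submitted = '<script>alert(1)</script>';
try {
    validateAccount($submitted);
    echo "stored\n";
} catch (AccountValidationException $e) {
    echo 'rejected: ' . $e->getMessage() . "\n";
}
$legacyRow = ['account' => '<script>alert(1)</script>'];
echo renderRowUnsafe($legacyRow), "\n"; // markup reaches the browser as-is
echo renderRowSafe($legacyRow), "\n";   // markup is rendered as inert text
```

Rejecting bad input at store() stops new payloads, but rows written before the fix remain in the database, so the render-side escaping is the control that actually closes the XSS.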