CVE-2026-2933

Name of the Vulnerable Software and Affected Versions YiFang CMS versions up to 2.0.5

Description A weakness exists in YiFang CMS that allows for cross site scripting. This issue affects the update function of the file app/db/admin/D adManage.php within the Extended Management Module. Manipulation of the Name argument can be exploited remotely. The exploit is publicly available.

Recommendations Versions prior to 2.0.5 should be updated. As a temporary workaround, consider restricting access to the update function within the D adManage.php file of the Extended Management Module until a patch is available.