PT-2026-23949 · Unknown · Yifang Cms

Vuldb

+1

·

Publicado

2026-03-08

·

Atualizado

2026-03-08

·

CVE-2026-3743

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions YiFang CMS version 2.0.5
Description A cross-site scripting issue exists in YiFang CMS version 2.0.5. The flaw is located in the update function of the file app/db/admin/D singlePageGroup.php. Manipulation of the Name argument can allow for the execution of malicious scripts. The issue is potentially exploitable remotely. The exploit has been published.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79CWE-94

Identificadores relacionados

CVE-2026-3743

Produtos afetados

Yifang Cms