Shiyifei

**Name of the Vulnerable Software and Affected Versions** Yifang CMS versions prior to 2.0.6 **Description** A cross site scripting issue exists in the Extended Management Module. The flaw occurs within the `store()` function of the file 'plugins/yifang backend account/logic/admin/L rbac admin.php' due to the improper manipulation of the `Account` argument. This allows a remote attacker to execute malicious scripts. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.