CVE-2026-2932

Name of the Vulnerable Software and Affected Versions YiFang CMS versions up to 2.0.5

Description A security flaw exists in YiFang CMS up to version 2.0.5. The issue is related to the update function within the file app/db/admin/D adPosition.php of the Extended Management Module. Manipulation of the name/index argument can lead to cross-site scripting. This attack is possible remotely, and the exploit has been publicly released.

Recommendations Versions prior to 2.0.5 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.