CVE-2026-2934

Name of the Vulnerable Software and Affected Versions YiFang CMS versions up to 2.0.5

Description A security issue exists in YiFang CMS that allows for cross-site scripting. The issue is located in the update function of the file app/db/admin/D friendLinkGroup.php within the Extended Management Module. Manipulation of the Name argument can trigger the issue, and the attack can be initiated remotely. The exploit has been publicly disclosed.

Recommendations Versions prior to 2.0.5 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.