CVE-2026-2965

Name of the Vulnerable Software and Affected Versions 07FLYCMS versions up to 1.2.9 07FLY-CMS versions up to 1.2.9 07FlyCRM versions up to 1.2.9

Description A security flaw exists in 07FLYCMS, 07FLY-CMS, and 07FlyCRM. The issue is related to cross site scripting, triggered by manipulating the Title argument within an unknown function of the /admin/SysModule/edit.html file in the System Extension Module. The attack can be initiated remotely, and the exploit has been publicly released. The vendor was contacted but did not respond.

Recommendations Versions prior to 1.2.9 should be updated. As a temporary workaround, consider restricting access to the /admin/SysModule/edit.html file. Avoid using the Title parameter in the affected file until the issue is resolved.