CVE-2026-6633

Name of the Vulnerable Software and Affected Versions Yifang CMS versions prior to 2.0.6

Description A cross site scripting issue exists in the Extended Management Module. The flaw occurs within the store() function of the file 'plugins/yifang backend account/logic/admin/L rbac admin.php' due to the improper manipulation of the Account argument. This allows a remote attacker to execute malicious scripts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.