CVE-2018-18724
Description
An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
YUNUCMS 1.1.5 admin category edit page has a stored XSS vulnerability, allowing arbitrary script injection.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists in YUNUCMS version 1.1.5 in the admin category editing functionality. The issue is triggered via the /index.php/admin/category/editcategory?id=73 endpoint. An attacker with admin panel access can inject arbitrary web scripts or HTML through the category name field, which is stored and executed when the page is viewed [1].
Exploitation
To exploit this vulnerability, an attacker must be authenticated as an administrator. The attacker navigates to the category edit page, inserts a malicious script (e.g., ``) into the category name field, submits the form, and then refreshes the page. The injected script executes in the context of the admin panel, affecting any user who views the edited category [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the browser of any administrator viewing the affected category page. This can lead to session hijacking, defacement, or theft of sensitive data within the admin panel, depending on the injected script. The attack is stored, meaning the payload persists until removed [1].
Mitigation
As of the publication date (2018-10-28), no official patch or fixed version has been released for YUNUCMS 1.1.5. The vendor has not publicly addressed this vulnerability. Administrators should consider sanitizing user input for category names, restricting admin panel access, or migrating to a maintained fork if available [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
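The Mitigation paragraph above recommends sanitizing category names; the following is an added example, not YUNUCMS code or a vendor fix, showing input validation, output encoding on the edit form, and an audit of names already stored (relevant because the payload persists until removed). All function names, the allow-list policy, the 64-character limit and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the real YUNUCMS controller and template are not shown on the page.

/** Input check (assumed policy): letters, digits, space, '_' and '-', 1 to 64 characters. */
function isValidCategoryName(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} _-]{1,64}$/u', $name) === 1;
}

/** Output encoding for HTML text and quoted attribute values. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the name field of the edit form; the stored value is always encoded. */
function renderNameField(string $storedName): string
{
    return '<input type="text" name="name" value="' . e($storedName) . '">';
}

/** Audit rows already in storage: return the ids whose name fails the input policy. */
function auditStoredNames(array $rows): array
{
    $suspect = [];
    foreach ($rows as $row) {
        if (!isValidCategoryName($row['name'])) {
            $suspect[] = $row['id'];
        }
    }
    return $suspect;
}

// Constructed sample rows standing in for the category table.
$rows = [
    ['id' => 72, 'name' => 'Company News'],
    ['id' => 73, 'name' => '"><script>alert(1)</script>'],
];

foreach ($rows as $row) {
    // Markup in a stored name is emitted as inert text inside the attribute.
    echo $row['id'], ': ', renderNameField($row['name']), PHP_EOL;
}
echo 'Rows to review: ', implode(', ', auditStoredNames($rows)), PHP_EOL;
```

Encoding at output is the control that neutralizes values already in the database; the input check alone does not, which is why the audit step is included.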
Affected products
2
Patches
0
No patches discovered yet.
References
[1] github.com/source-trace/yunucms/issues/5 (MITRE, x_refsource_MISC)