CVE-2018-18725

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in YUNUCMS 1.1.5 in the admin/banner/editbanner?id=20 endpoint. The application fails to sanitize the banner content input, allowing an attacker to inject arbitrary JavaScript code. This is triggered when the banner is saved and later rendered in a page viewed by an administrator. Affected version: YUNUCMS 1.1.5 [1].

Exploitation

An attacker must first have administrative access to the YUNUCMS backend. The attacker logs in, navigates to the banner editing page at /admin/banner/editbanner?id=20, and modifies the banner content to include malicious script (e.g., ``). After clicking the submit button and refreshing the page, the injected script is stored and executed in the context of the admin session [1].

Impact

Successful exploitation allows the attacker to execute arbitrary HTML and JavaScript in the context of the affected admin user's browser. This can lead to session hijacking, defacement, or theft of sensitive information displayed on the admin page. The attack is stored, so the payload persists for subsequent admin visits [1].

Mitigation

No official patch has been released as of the publication date. Users should upgrade to a newer version if available, or restrict access to the admin panel to trusted users and apply input sanitization. The vulnerability has not been listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. Workarounds include disabling the banner editing functionality or implementing a web application firewall rule to block script tags in banner fields [1].