VYPR

Yifang

by Yifangcms

CVEs (6)

  • CVE-2026-3743LowMar 8, 2026
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-3742LowMar 8, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-3741LowMar 8, 2026
    risk 0.23cvss 3.5epss 0.00

    A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit…

  • CVE-2026-2934LowFeb 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible…

  • CVE-2026-2933LowFeb 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be…

  • CVE-2026-2932LowFeb 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting.…