关键漏洞信息 Title: YiFang CMS 2.0.5 Cross Site Scripting on app/db/admin/D_friendLinkGroup.php name CVE ID: Not specified in the screenshot Description: - A cross-site scripting (XSS) vulnerability exists in the parameter of the interface in the extended management module of YiFang CMS version 2.0.5. - The stored XSS vulnerability arises because the field is directly stored in the database without any filtering in the method of . - An attacker can submit a malicious XSS script and trigger the vulnerability when accessing the ad placement list. Source: https://github.com/ZZCTD/CVE/issues/5 User: ZZCTD (UID 89357) Submission Date: 02/10/2026 12:34 PM Moderation Date: 02/21/2026 09:08 AM Status: Accepted VulDB Entry: 2347280 [YiFang CMS up to 2.0.5 Extended Management D_friendLinkGroup.php update Name cross site scripting] Points: 20