CVE Details
Basic Information
| Title | Yifang CMS Article Management Module cross site scripting |
|---|---|
| Type | cve |
| Published | 2025-05-31T15:00:16.412Z |
| Last Seen |
Product Information
| Vendor | Yifang |
|---|---|
| Product | CMS |
| Version | 2.0.0 |
CVSS Information
| Base Score | 4.8 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A cross-site scripting (XSS) vulnerability exists in Yifang CMS versions up to 2.0.2. The vulnerability is in the Article Management Module and can be exploited by manipulating the Default Value parameter. The attack can be launched remotely, and the exploit is publicly available. |
|---|---|
| AI Severity | Medium |
| Vendor | Yifang |
| Product | Yifang CMS |
| Affected Version | 2.0.0, 2.0.1, 2.0.2 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-79, CWE-94 |
| Bulletin Family | |
| Source Data | Yifang CMS 2.0.0 Yifang CMS 2.0.1 Yifang CMS 2.0.2 |
Source Information
| Source Data | Yifang CMS 2.0.0 Yifang CMS 2.0.1 Yifang CMS 2.0.2 |
|---|---|
| Source Link |
Description
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 4.8 (MEDIUM)