YiFang CMS Cross-Site Scripting Vulnerability in Extended Management Module

A cross-site scripting (XSS) vulnerability has been identified in YiFang CMS versions through 2.0.5. The issue resides in the Extended Management Module, specifically within the 'update' function of 'app/db/admin/D_friendLinkGroup.php'. The vulnerability is triggered by manipulating the 'name' parameter, which is stored in the database without proper sanitization. This stored XSS flaw can be exploited remotely, with the malicious script executed when the ad placement list is accessed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected page.

Reproduction

To reproduce this vulnerability, log into the YiFang CMS admin panel and navigate to the 'Friend Link Group' management interface. Once there, use the 'edit' function to modify a link group. In the 'name' parameter, input a script containing XSS payload, such as an SVG image with an 'onload' event. Submit the form, which will trigger the XSS payload execution when the link group is accessed.