Yifang CMS Cross-Site Scripting Vulnerability in Extended Management Module
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Yifang CMS versions through 2.0.5. The issue resides in the 'store' function of the 'plugins/yifang_backend_account/logic/admin/L_rbac_admin.php' file, within the Extended Management Module. This vulnerability allows for stored XSS, as the 'account' parameter is directly saved to the database without proper sanitization. The flaw can be exploited remotely, and a public proof-of-concept exploit is available.
Impact
An attacker who exploits this vulnerability can inject malicious scripts that are then executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, send a POST request to the '/admin/yifang_backend_account/rbacAdmin' endpoint with a payload in the 'account' parameter that includes a script tag, such as '<script>alert(1)</script>'. The request must carry an authorization token and can be sent as multipart/form-data. Once the payload is submitted, it is stored in the database and executed when the user list feature is accessed.
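A defensive pattern for the flaw described above, as an added example that is not part of the original advisory and is not Yifang CMS code: validate the 'account' value before it is stored, and HTML-encode it when the user list is rendered. The function names and the allowlist pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers illustrating the fix pattern; not Yifang CMS code.

/**
 * Input side: accept only account names that match an allowlist.
 * The pattern is an assumed policy (3-32 letters, digits, '_', '.', '-').
 */
function validateAccount(string $account): string
{
    if (preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $account) !== 1) {
        throw new InvalidArgumentException('invalid account name');
    }
    return $account;
}

/**
 * Output side: encode for an HTML text context at render time, so rows
 * that were stored before the fix are also rendered as inert text.
 */
function renderAccountCell(string $account): string
{
    $safe = htmlspecialchars($account, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td>' . $safe . '</td>';
}

// Constructed sample inputs; the second is the payload quoted on this page.
$samples = ['alice.admin', '<script>alert(1)</script>'];

foreach ($samples as $input) {
    try {
        validateAccount($input);
        echo "store:  accepted\n";
    } catch (InvalidArgumentException $e) {
        echo "store:  rejected ({$e->getMessage()})\n";
    }
    // Rendering stays safe even if a bad value is already in the database.
    echo 'render: ' . renderAccountCell($input) . "\n";
}
```

Encoding at render time is the control that neutralizes payloads already in the database; input validation alone does not clean existing rows.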
