CVE-2026-6633 | Yifang CMS up to 2.0.5 Extended Management L_rbac_admin.php store Account cross site scripting

A vulnerability was found in Yifang CMS up to 2.0.5. It has been declared as problematic. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting.

This vulnerability is identified as CVE-2026-6633. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More