Yunucms
CVE-2018-18726
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.
AnalysisAI
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. Affected products include: Yunucms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to ex
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/c
An issue was discovered in YUNUCMS V1.1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as dem
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to i
An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vu
An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. Rated medium severity (CVSS
An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8
An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vulnera
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. Rated medium severity (CVSS 4.8), this vul
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). Rated m
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today