CVE-2025-5383

LOW

Wanglongcn Yifang < 2.0.2 - Code Injection

Title source: rule

Description

A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

gitee 305 stars

by wanglongcn · phpwriteup

https://gitee.com/wanglongcn/yifang/issues/IC41YQ

References (3)

[Exploit, Issue Tracking] https://gitee.com/wanglongcn/yifang/issues/IC41YQ

[Permissions Required, Third Party Advisory, VDB Entry] https://vuldb.com/?ctiid.310676

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.310676

Scores

CVSS v3 2.4

EPSS 0.0014

EPSS Percentile 33.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-94 CWE-79

Status published

Products (1)

wanglongcn/yifang < 2.0.2

Published May 31, 2025

Tracked Since Feb 18, 2026