Dedecms : Security Vulnerabilities, CVEs, (XSS)
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-13
Updated
2024-03-13
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-11-13
Updated
2023-11-16
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-19
Updated
2023-05-26
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
Max CVSS
5.4
EPSS Score
0.06%
Published
2023-02-02
Updated
2023-02-09
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-09-01
Updated
2022-09-07
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-10-22
Updated
2021-10-26
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-10-22
Updated
2021-10-26
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-10-22
Updated
2021-10-26
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-10-22
Updated
2021-10-26
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-22
Updated
2021-10-26
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-22
Updated
2021-10-26
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-22
Updated
2021-10-28
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-22
Updated
2021-10-28
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
Max CVSS
5.4
EPSS Score
0.08%
Published
2020-10-22
Updated
2022-06-03
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Max CVSS
6.1
EPSS Score
0.08%
Published
2021-10-22
Updated
2021-10-28
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-10-22
Updated
2021-10-28
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
Max CVSS
5.4
EPSS Score
0.06%
Published
2021-05-15
Updated
2021-05-21
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.
Max CVSS
6.1
EPSS Score
0.07%
Published
2018-10-29
Updated
2018-12-03
DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-10-29
Updated
2018-12-03
DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
Max CVSS
6.1
EPSS Score
0.10%
Published
2018-10-23
Updated
2018-12-04
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
Max CVSS
6.1
EPSS Score
0.07%
Published
2018-10-22
Updated
2018-12-03
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Max CVSS
6.1
EPSS Score
0.07%
Published
2018-10-22
Updated
2018-12-03
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.
Max CVSS
6.1
EPSS Score
0.09%
Published
2018-09-21
Updated
2018-11-08
25 vulnerabilities found