CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36583
https://notcve.org/view.php?id=CVE-2022-36583
01 Sep 2022 — DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. Se ha detectado que DedeCMS versión V5.7.97, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo /dede/co_do.php por medio de los parámetros dopost, rpok y aid • https://blog.csdn.net/weixin_45996361/article/details/125882580 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-35516
https://notcve.org/view.php?id=CVE-2022-35516
17 Aug 2022 — DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. Se ha detectado que DedeCMS versiones v5.7.93 - v5.7.96, contienen una vulnerabilidad de ejecución de código remota en el archivo login.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.93/Login.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36216
https://notcve.org/view.php?id=CVE-2022-36216
17 Aug 2022 — DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. Se ha detectado que DedeCMS versiones v5.7.94 - v5.7.97, contienen una vulnerabilidad de ejecución de código remota en el archivo member_toadmin.php. • https://github.com/whitehatl/Vulnerability/blob/main/web/dedecms/5.7.94/member_toadmin.poc.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34531
https://notcve.org/view.php?id=CVE-2022-34531
29 Jul 2022 — DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_ main.php. Se ha detectado que DedeCMS versión v5.7.95, contiene una vulnerabilidad de ejecución de código remota (RCE) por medio del componente mytag_ main.php • https://github.com/Airrudder/vuls/blob/main/dedecms/DedeCMS-v5.7.95-RCE.md •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30508
https://notcve.org/view.php?id=CVE-2022-30508
26 May 2022 — DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. Se ha detectado que DedeCMS versión v5.7.93, contiene una vulnerabilidad de eliminación arbitraria de archivos en el archivo upload.php por medio del parámetro delete • https://github.com/1security/Vulnerability/blob/master/web/dedecms/1.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-23337
https://notcve.org/view.php?id=CVE-2022-23337
14 Feb 2022 — DedeCMS v5.7.87 was discovered to contain a SQL injection vulnerability in article_coonepage_rule.php via the ids parameter. Se ha detectado que DedeCMS versión v5.7.87, contiene una vulnerabilidad de inyección SQL en el archivo article_coonepage_rule.php por medio del parámetro ids • http://note.youdao.com/noteshare?id=608f19009c8bd1ace5f1a59c1ddd657b • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23044
https://notcve.org/view.php?id=CVE-2020-23044
22 Oct 2021 — DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. Se ha detectado que DedeCMS versión v7.5 SP2 contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente file_pic_view.php por medio de los parámetros "activepath", "keyword", "tag", "fmdo=x&filename", "CKEditor" y "CKEditorFuncNum" • https://www.vulnerability-lab.com/get_content.php?id=2195 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-23046
https://notcve.org/view.php?id=CVE-2020-23046
22 Oct 2021 — DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. Se ha detectado que DedeCMS versión v7.5 SP2, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente tpl.php por medio de los parámetros "filename", "mid", "userid" y "templet" • https://www.vulnerability-lab.com/get_content.php?id=2194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36491
https://notcve.org/view.php?id=CVE-2020-36491
22 Oct 2021 — DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. Se ha detectado que DedeCMS versión v7.5 SP2, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente tags_main.php por medio de los parámetros "activepath", "keyword", "tag", "fmdo=x&filename", "CKEditor" y "CKEditorFuncNum" • https://www.vulnerability-lab.com/get_content.php?id=2195 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36490
https://notcve.org/view.php?id=CVE-2020-36490
22 Oct 2021 — DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. Se ha detectado que DedeCMS versión v7.5 SP2, contiene múltiples vulnerabilidades de tipo cross-site scripting (XSS) en el componente file_manage_view.php por medio de los parámetros "activepath", "keyword", "tag", "fmdo=x&filename", "CKEditor" y "CKEditorFuncNum" • https://www.vulnerability-lab.com/get_content.php?id=2195 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •