CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40875
https://notcve.org/view.php?id=CVE-2023-40875
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40877
https://notcve.org/view.php?id=CVE-2023-40877
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss4.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40876
https://notcve.org/view.php?id=CVE-2023-40876
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-40874
https://notcve.org/view.php?id=CVE-2023-40874
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36298
https://notcve.org/view.php?id=CVE-2023-36298
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). • https://github.com/MentalityXt/Dedecms-v5.7.109-RCE • CWE-434: Unrestricted Upload of File with Dangerous Type •