Page 2 of 15 results (0.000 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss3.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. • https://github.com/DiliLearngent/BugReport/blob/main/php/DedeCMS/xss1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. • http://dedecms.com https://www.dedecms.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2

A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. • https://github.com/CN016/DedeCMS-getshell-CVE-2023-2928- https://github.com/testwordpress123/cve/blob/main/dedecms.md https://vuldb.com/?ctiid.230083 https://vuldb.com/?id.230083 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. • https://srpopty.github.io/2023/02/27/DedeCMS-V5.7.160-Backend-SQLi-story • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •