CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28668
https://notcve.org/view.php?id=CVE-2024-28668
13 Mar 2024 — DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php Se descubrió que DedeCMS v5.7 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través del componente /dede/mychannel_add.php • https://github.com/777erp/cms/blob/main/5.md •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28672
https://notcve.org/view.php?id=CVE-2024-28672
13 Mar 2024 — DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php. Se descubrió que DedeCMS v5.7 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /dede/media_edit.php. • https://github.com/777erp/cms/blob/main/3.md • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49453
https://notcve.org/view.php?id=CVE-2023-49453
12 Mar 2024 — Reflected cross-site scripting (XSS) vulnerability in Racktables v0.22.0 and before, allows local attackers to execute arbitrary code and obtain sensitive information via the search component in index.php. Vulnerabilidad de cross-site scripting (XSS) reflejado en Racktables v0.22.0 y anteriores permite a atacantes locales ejecutar código arbitrario y obtener información confidencial a través del componente de búsqueda en index.php. • https://github.com/nitipoom-jar/CVE-2023-49453 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-25327 – FullCourt Enterprise 8.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2024-25327
07 Mar 2024 — Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function. Vulnerabilidad de Cross Site Scripting (XSS) en Justice Systems FullCourt Enterprise v.8.2 permite a un atacante remoto ejecutar código arbitrario a través del parámetro formatCaseNumber de la función de búsqueda de citas. FullCourt Enterprise version 8.2 suffers from multiple cross site scripting vulnera... • https://packetstorm.news/files/id/177500 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52047
https://notcve.org/view.php?id=CVE-2023-52047
28 Feb 2024 — Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager. Se descubrió que Dedecms v5.7.112 contenía una Cross-Site Request Forgery (CSRF) en el administrador de archivos. • https://github.com/chongfujun/test/blob/main/2023-52047.docx • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22895
https://notcve.org/view.php?id=CVE-2024-22895
22 Jan 2024 — DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. DedeCMS 5.7.112 tiene una vulnerabilidad de carga de archivos a través de uploads/dede/module_upload.php. • https://github.com/zzq66/cve5 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7212 – DeDeCMS Backend file_class.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-7212
07 Jan 2024 — A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://hmxwjm7x03.feishu.cn/docx/FPjhdYcQvocR4gxy34Rc0pmon5e?from=from_copylink • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49494
https://notcve.org/view.php?id=CVE-2023-49494
11 Dec 2023 — DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. Se descubrió que DedeCMS v5.7.111 contiene una vulnerabilidad de cross-site scripting (XSS) reflectantes a través del componente select_media_post_wangEditor.php. • http://dedecms.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49493
https://notcve.org/view.php?id=CVE-2023-49493
07 Dec 2023 — DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. Se descubrió que DedeCMS v5.7.111 contiene una vulnerabilidad de Cross-Site Scripting (XSS) Reflectante a través del parámetro v en selectimages.php. • https://github.com/Hebing123/cve/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49492
https://notcve.org/view.php?id=CVE-2023-49492
07 Dec 2023 — DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. Se descubrió que DedeCMS v5.7.111 contiene una vulnerabilidad Cross-Site Scripting (XSS) Reflectante a través del parámetro imgstick en selectimages.php. • https://github.com/Hebing123/cve/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •