CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44717
https://notcve.org/view.php?id=CVE-2024-44717
29 Aug 2024 — A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://gitee.com/DedeBIZ/DedeV6/releases/tag/6.3.0 •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44716
https://notcve.org/view.php?id=CVE-2024-44716
29 Aug 2024 — A cross-site scripting (XSS) vulnerability in DedeBIZ v6.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. • https://gitee.com/DedeBIZ/DedeV6/releases/tag/6.3.0 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7906 – DedeBIZ Attachment Settings select_images_post.php get_mime_type unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7906
18 Aug 2024 — A vulnerability classified as critical was found in DedeBIZ 6.3.0. This vulnerability affects the function get_mime_type of the file /admin/dialog/select_images_post.php of the component Attachment Settings. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE17-4.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7905 – DedeBIZ archives_do.php AdminUpload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7905
18 Aug 2024 — A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/DeepMountains/Mirage/blob/main/CVE17-3.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7904 – DedeBIZ File Extension file_manage_control.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7904
18 Aug 2024 — A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/file_manage_control.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be launched remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE17-2.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7903 – DedeBIZ File Extension media_add.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-7903
18 Aug 2024 — A vulnerability was found in DedeBIZ 6.3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/media_add.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack can be launched remotely. • https://github.com/DeepMountains/Mirage/blob/main/CVE17-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0558 – DedeBIZ makehtml_freelist_action.php sql injection
https://notcve.org/view.php?id=CVE-2024-0558
15 Jan 2024 — A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0557 – DedeBIZ Website Copyright Setting cross site scripting
https://notcve.org/view.php?id=CVE-2024-0557
15 Jan 2024 — A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-7181 – Muyun DedeBIZ Add Attachment unrestricted upload
https://notcve.org/view.php?id=CVE-2023-7181
30 Dec 2023 — A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20file%20upload/README.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-31546
https://notcve.org/view.php?id=CVE-2023-31546
14 Dec 2023 — Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. La vulnerabilidad de Cross Site Scripting (XSS) en DedeBIZ v6.0.3 permite a los atacantes ejecutar código arbitrario a través de la función de búsqueda. • https://github.com/ran9ege/CVE-2023-31546 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •