CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12183 – DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting
https://notcve.org/view.php?id=CVE-2024-12183
04 Dec 2024 — A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/79 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12182 – DedeCMS soft_add.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12182
04 Dec 2024 — A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/78 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12181 – DedeCMS SWF File uploads_add.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12181
04 Dec 2024 — A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/77 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12180 – DedeCMS article_add.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12180
04 Dec 2024 — A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hebing123/cve/issues/76 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-9076 – DedeCMS article_string_mix.php os command injection
https://notcve.org/view.php?id=CVE-2024-9076
22 Sep 2024 — A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file article_string_mix.php. The manipulation leads to os command injection. The attack may be initiated remotely. • https://gitee.com/hjjjx/dede_cms/blob/master/article_string_mix_rce.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46373
https://notcve.org/view.php?id=CVE-2024-46373
18 Sep 2024 — Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. • https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46373.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46372
https://notcve.org/view.php?id=CVE-2024-46372
18 Sep 2024 — DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. • https://github.com/gaorenyusi/gaorenyusi/blob/main/CVE-2024-46372.md •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42636
https://notcve.org/view.php?id=CVE-2024-42636
23 Aug 2024 — DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath. • https://github.com/iami233/cve/issues/1 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6940 – DedeCMS article_template_rand.php code injection
https://notcve.org/view.php?id=CVE-2024-6940
21 Jul 2024 — A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. • https://gitee.com/fushuling/cve/blob/master/dedeCMS%20V5.7.114%20article_template_rand.php%20code%20injection.md • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4591 – DedeCMS sys_group_add.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-4591
07 May 2024 — A vulnerability classified as problematic has been found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/sys_group_add.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hckwzh/cms/blob/main/22.md • CWE-352: Cross-Site Request Forgery (CSRF) •