Vulnerabilities > Dedecms

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-22	CVE-2024-9076	OS Command Injection vulnerability in Dedecms A vulnerability was found in DedeCMS up to 5.7.115. network low complexity dedecms CWE-78	8.8
2024-09-18	CVE-2024-46372	Cross-site Scripting vulnerability in Dedecms 5.7.115 DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. network low complexity dedecms CWE-79	6.1
2024-07-21	CVE-2024-6940	Code Injection vulnerability in Dedecms 5.7.112 A vulnerability was found in DedeCMS 5.7.114. network low complexity dedecms CWE-94	7.2
2024-01-22	CVE-2024-22895	Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.112 DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php. network low complexity dedecms CWE-434	8.8
2024-01-07	CVE-2023-7212	Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. network low complexity dedecms CWE-434 critical	9.8
2023-12-11	CVE-2023-49494	Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. network low complexity dedecms CWE-79	6.1
2023-12-07	CVE-2023-49492	Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. network low complexity dedecms CWE-79	6.1
2023-12-07	CVE-2023-49493	Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. network low complexity dedecms CWE-79	6.1
2023-11-16	CVE-2023-43275	Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. network low complexity dedecms CWE-352	8.8
2023-11-13	CVE-2023-48068	Cross-site Scripting vulnerability in Dedecms 6.2 DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. network low complexity dedecms CWE-79	5.4

Vulnerabilities > Dedecms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dedecms"}]}

Vulnerabilities > Dedecms