Vulnerabilities > Dedecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-11 | CVE-2023-49494 | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | 6.1 |
| 2023-12-07 | CVE-2023-49492 | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | 6.1 |
| 2023-12-07 | CVE-2023-49493 | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | 6.1 |
| 2023-11-16 | CVE-2023-43275 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | 8.8 |
| 2023-11-13 | CVE-2023-48068 | Cross-site Scripting vulnerability in Dedecms 6.2 DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | 5.4 |
| 2023-09-30 | CVE-2023-5301 | Unspecified vulnerability in Dedecms 5.7.111 A vulnerability classified as critical was found in DedeCMS 5.7.111. | 8.8 |
| 2023-09-28 | CVE-2023-43226 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | 8.8 |
| 2023-09-17 | CVE-2023-5022 | Unspecified vulnerability in Dedecms A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. | 8.8 |
| 2023-09-12 | CVE-2023-40784 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.102 DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | 9.8 |
| 2023-09-04 | CVE-2023-4747 | Unspecified vulnerability in Dedecms 5.7.110 A vulnerability classified as critical was found in DedeCMS 5.7.110. | 9.8 |