Vulnerabilities > Dedecms

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-49493 Cross-site Scripting vulnerability in Dedecms 5.7.111
DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php.
network
low complexity
dedecms CWE-79
6.1
6.1
2023-11-16 CVE-2023-43275 Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form.
network
low complexity
dedecms CWE-352
8.8
8.8
2023-11-13 CVE-2023-48068 Cross-site Scripting vulnerability in Dedecms 6.2
DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-09-30 CVE-2023-5301 Unspecified vulnerability in Dedecms 5.7.111
A vulnerability classified as critical was found in DedeCMS 5.7.111.
network
low complexity
dedecms
8.8
8.8
2023-09-28 CVE-2023-43226 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
network
low complexity
dedecms CWE-434
8.8
8.8
2023-09-17 CVE-2023-5022 Unspecified vulnerability in Dedecms
A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical.
network
low complexity
dedecms
8.8
8.8
2023-09-12 CVE-2023-40784 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.102
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
network
low complexity
dedecms CWE-434
critical
 9.8
9.8
2023-09-04 CVE-2023-4747 Unspecified vulnerability in Dedecms 5.7.110
A vulnerability classified as critical was found in DedeCMS 5.7.110.
network
low complexity
dedecms
critical
 9.8
9.8
2023-08-24 CVE-2023-40874 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-24 CVE-2023-40875 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
network
low complexity
dedecms CWE-79
5.4
5.4