Vulnerabilities > Dedecms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2020-36492 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 3.5 |
| 2021-10-22 | CVE-2020-36493 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 3.5 |
| 2021-10-22 | CVE-2020-36494 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 4.3 |
| 2021-10-22 | CVE-2020-36495 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 4.3 |
| 2021-10-22 | CVE-2020-36496 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 4.3 |
| 2021-10-22 | CVE-2020-36497 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 4.3 |
| 2021-08-27 | CVE-2020-18114 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | 7.5 |
| 2021-08-24 | CVE-2020-18917 | Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. | 6.8 |
| 2021-06-16 | CVE-2020-22198 | SQL Injection vulnerability in Dedecms 5.7 SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. | 7.5 |
| 2021-05-15 | CVE-2020-16632 | Cross-site Scripting vulnerability in Dedecms 5.7 A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. | 3.5 |