Vulnerabilities > Dedecms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-22 | CVE-2020-23046 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
2021-10-22 | CVE-2020-36490 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 5.4 |
2021-10-22 | CVE-2020-36491 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 5.4 |
2021-10-22 | CVE-2020-36492 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 5.4 |
2021-10-22 | CVE-2020-36493 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 5.4 |
2021-10-22 | CVE-2020-36494 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
2021-10-22 | CVE-2020-36495 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
2021-10-22 | CVE-2020-36496 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
2021-10-22 | CVE-2020-36497 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
2021-08-27 | CVE-2020-18114 | Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | 9.8 |