Vulnerabilities > Dedecms

DATE	CVE	VULNERABILITY TITLE	RISK
2021-10-22	CVE-2020-36494	Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. network low complexity dedecms CWE-79	6.1
2021-10-22	CVE-2020-36495	Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. network low complexity dedecms CWE-79	6.1
2021-10-22	CVE-2020-36496	Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. network low complexity dedecms CWE-79	6.1
2021-10-22	CVE-2020-36497	Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. network low complexity dedecms CWE-79	6.1
2021-08-27	CVE-2020-18114	Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7 An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. network low complexity dedecms CWE-434 critical	9.8
2021-08-24	CVE-2020-18917	Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control. network low complexity dedecms CWE-352	8.8
2021-06-16	CVE-2020-22198	SQL Injection vulnerability in Dedecms 5.7 SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter to member/ajax_membergroup.php. network low complexity dedecms CWE-89 critical	9.8
2021-05-15	CVE-2020-16632	Cross-site Scripting vulnerability in Dedecms 5.7 A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. network low complexity dedecms CWE-79	5.4
2021-05-15	CVE-2021-32073	Cross-Site Request Forgery (CSRF) vulnerability in Dedecms 5.7 DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution. network low complexity dedecms CWE-352	8.8
2020-10-22	CVE-2020-27533	Cross-site Scripting vulnerability in Dedecms 5.8 A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. network low complexity dedecms CWE-79	5.4

Vulnerabilities > Dedecms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Dedecms"}]}

Vulnerabilities > Dedecms