Vulnerabilities > Dedecms
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-12-13 | CVE-2018-20129 | Code Injection vulnerability in Dedecms 5.7 | An issue was discovered in DedeCMS V5.7 SP2. | 8.8 |
2018-11-07 | CVE-2018-19061 | SQL Injection vulnerability in Dedecms 5.7 | DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter. | 9.8 |
2018-10-29 | CVE-2018-18782 | Cross-site Scripting vulnerability in Dedecms 5.7 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | 6.1 |
2018-10-29 | CVE-2018-18781 | Cross-site Scripting vulnerability in Dedecms 5.7 | DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | 6.1 |
2018-10-23 | CVE-2018-18608 | Cross-site Scripting vulnerability in Dedecms 5.7 | DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 6.1 |
2018-10-22 | CVE-2018-18579 | Cross-site Scripting vulnerability in Dedecms 5.7 | Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 6.1 |
2018-10-22 | CVE-2018-18578 | Cross-site Scripting vulnerability in Dedecms 5.7 | DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 6.1 |
2018-09-21 | CVE-2018-16786 | Cross-site Scripting vulnerability in Dedecms 5.7 | DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | 6.1 |
2018-09-21 | CVE-2018-16784 | XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7 | DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring. | 7.2 |
2018-09-19 | CVE-2018-16785 | XML Injection (aka Blind XPath Injection) vulnerability in Dedecms 5.7 | XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell | 8.8 |