Vulnerabilities > Dedecms > Low

DATE CVE VULNERABILITY TITLE RISK
2021-10-22 CVE-2020-36493 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-10-22 CVE-2020-36492 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-10-22 CVE-2020-36491 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-10-22 CVE-2020-36490 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-10-22 CVE-2020-23044 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
dedecms CWE-79
3.5
3.5
2021-05-15 CVE-2020-16632 Cross-site Scripting vulnerability in Dedecms 5.7
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
network
dedecms CWE-79
3.5
3.5
2020-10-22 CVE-2020-27533 Cross-site Scripting vulnerability in Dedecms 5.8
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
network
dedecms CWE-79
3.5
3.5