Vulnerabilities > Dedecms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-18 | CVE-2024-46372 | Cross-site Scripting vulnerability in Dedecms 5.7.115 DedeCMS 5.7.115 is vulnerable to Cross Site Scripting (XSS) via the advertisement code box in the advertisement management module. | 6.1 |
| 2023-12-11 | CVE-2023-49494 | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | 6.1 |
| 2023-12-07 | CVE-2023-49492 | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | 6.1 |
| 2023-12-07 | CVE-2023-49493 | Cross-site Scripting vulnerability in Dedecms 5.7.111 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | 6.1 |
| 2023-11-13 | CVE-2023-48068 | Cross-site Scripting vulnerability in Dedecms 6.2 DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | 5.4 |
| 2023-08-24 | CVE-2023-40874 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | 5.4 |
| 2023-08-24 | CVE-2023-40875 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | 5.4 |
| 2023-08-24 | CVE-2023-40876 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | 5.4 |
| 2023-08-24 | CVE-2023-40877 | Cross-site Scripting vulnerability in Dedecms DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | 5.4 |
| 2023-05-19 | CVE-2023-31757 | Cross-site Scripting vulnerability in Dedecms 5.7.108 DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian' | 5.4 |