Vulnerabilities > Dedecms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-24 CVE-2023-40875 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-24 CVE-2023-40876 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-08-24 CVE-2023-40877 Cross-site Scripting vulnerability in Dedecms
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.
network
low complexity
dedecms CWE-79
5.4
5.4
2023-05-19 CVE-2023-31757 Cross-site Scripting vulnerability in Dedecms 5.7.108
DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'
network
low complexity
dedecms CWE-79
5.4
5.4
2023-04-14 CVE-2023-2059 Unspecified vulnerability in Dedecms 5.7.87
A vulnerability was found in DedeCMS 5.7.87.
network
low complexity
dedecms
5.3
5.3
2023-02-02 CVE-2022-48140 Cross-site Scripting vulnerability in Dedecms 5.7.97
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
network
low complexity
dedecms CWE-79
5.4
5.4
2022-11-17 CVE-2022-43192 Unrestricted Upload of File with Dangerous Type vulnerability in Dedecms 5.7.101
An arbitrary file upload vulnerability in the component /dede/file_manage_control.php of Dedecms v5.7.101 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
dedecms CWE-434
6.7
6.7
2022-09-01 CVE-2022-36583 Cross-site Scripting vulnerability in Dedecms 5.7.97
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters.
network
low complexity
dedecms CWE-79
6.1
6.1
2022-05-26 CVE-2022-30508 Path Traversal vulnerability in Dedecms 5.7.93
DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.
network
low complexity
dedecms CWE-22
6.5
6.5
2021-10-22 CVE-2020-23044 Cross-site Scripting vulnerability in Dedecms 7.5
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
network
low complexity
dedecms CWE-79
5.4
5.4