Vulnerabilities > Dedecms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-22 | CVE-2020-27533 | Cross-site Scripting vulnerability in Dedecms 5.8 A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | 5.4 |
| 2019-03-24 | CVE-2019-10014 | Incorrect Authorization vulnerability in Dedecms 5.7 In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | 6.5 |
| 2018-10-29 | CVE-2018-18782 | Cross-site Scripting vulnerability in Dedecms 5.7 Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | 6.1 |
| 2018-10-29 | CVE-2018-18781 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | 6.1 |
| 2018-10-23 | CVE-2018-18608 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 6.1 |
| 2018-10-22 | CVE-2018-18579 | Cross-site Scripting vulnerability in Dedecms 5.7 Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 6.1 |
| 2018-10-22 | CVE-2018-18578 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 6.1 |
| 2018-09-21 | CVE-2018-16786 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | 6.1 |
| 2018-02-12 | CVE-2018-6881 | Information Exposure vulnerability in multiple products EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | 5.3 |