Vulnerabilities > Dedecms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-22 | CVE-2020-36492 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 5.4 |
| 2021-10-22 | CVE-2020-36493 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. | 5.4 |
| 2021-10-22 | CVE-2020-36494 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
| 2021-10-22 | CVE-2020-36495 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
| 2021-10-22 | CVE-2020-36496 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
| 2021-10-22 | CVE-2020-36497 | Cross-site Scripting vulnerability in Dedecms 7.5 DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. | 6.1 |
| 2021-05-15 | CVE-2020-16632 | Cross-site Scripting vulnerability in Dedecms 5.7 A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter. | 5.4 |
| 2020-10-22 | CVE-2020-27533 | Cross-site Scripting vulnerability in Dedecms 5.8 A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | 5.4 |
| 2019-03-24 | CVE-2019-10014 | Incorrect Authorization vulnerability in Dedecms 5.7 In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated. | 6.5 |
| 2018-10-29 | CVE-2018-18782 | Cross-site Scripting vulnerability in Dedecms 5.7 Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter. | 6.1 |