Vulnerabilities > Dedecms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-29 | CVE-2018-18781 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the /member/uploads_select.php f or keyword parameter. | 6.1 |
| 2018-10-23 | CVE-2018-18608 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 6.1 |
| 2018-10-22 | CVE-2018-18579 | Cross-site Scripting vulnerability in Dedecms 5.7 Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 6.1 |
| 2018-10-22 | CVE-2018-18578 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 6.1 |
| 2018-09-21 | CVE-2018-16786 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php. | 6.1 |
| 2018-02-12 | CVE-2018-6881 | Information Exposure vulnerability in multiple products EmpireCMS 6.6 allows remote attackers to discover the full path via an array value for a parameter to admin/tool/ShowPic.php. | 5.3 |