CVE-2024-29660

2024-04-2500:00:00

mitre

www.cve.org

cross site scripting

dedecms

arbitrary code execution

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component.

References

github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md