10 matches found
CVE-2023-40877
DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting XSS vulnerability at /dede/freelistedit.php via the title parameter...
EUVD-2023-45416
Malicious code in bioql PyPI...
CVE-2023-40875
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting XSS vulnerabilities at /dede/voteedit.php via the votename and votenote parameters...
Sql injection
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tagalias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2023-4747 DedeCMS tags.php sql injection
A vulnerability classified as critical was found in DedeCMS 5.7.110. This vulnerability affects unknown code of the file /uploads/tags.php. The manipulation of the argument tagalias leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
PT-2023-27684 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions up to and including 5.7.110 Description: A cross-site scripting XSS issue was found in DedeCMS. The issue is located at the "/dede/freelist edit.php" API endpoint via the title parameter. Recommendations: For DedeCMS versions...
CVE-2023-40874
DedeCMS (versions up to 5.7.110) contains multiple cross-site scripting (XSS) vulnerabilities in /dede/vote_add.php, exploitable via the votename and voteitem1 parameters. Root cause: input handling in that endpoint allows injected scripts. Impact: standard XSS risk; exact exploitation details an...
Desdev DedeCMS 跨站脚本漏洞
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A cross-site scripting vulnerability...
CVE-2023-40875
DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting XSS vulnerabilities at /dede/voteedit.php via the votename and votenote parameters...
CVE-2023-40876
DedeCMS up to version 5.7.110 has a cross-site scripting (XSS) vulnerability in /dede/freelist_add.php via the title parameter. The affected software is DedeCMS; the root cause is unsanitized input in the title field. Exploitation status and remediation details are not provided in the connected d...