17 matches found
CVE-2018-19061
DedeCMS 5.7 SP2 has SQL Injection via the dede\codo.php ids parameter...
CVE-2018-18782
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter...
CVE-2018-18781
DedeCMS 5.7 SP2 allows XSS via the /member/uploadsselect.php f or keyword parameter...
Cross site scripting
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter...
Cross site scripting
DedeCMS 5.7 SP2 allows XSS via the /member/uploadsselect.php f or keyword parameter...
CVE-2018-18781
DedeCMS 5.7 SP2 allows XSS via the /member/uploadsselect.php f or keyword parameter...
CVE-2018-18782
CVE-2018-18782 affects DedeCMS 5.7 SP2, with a Reflected XSS in the /member/myfriend.php ftype parameter. The root cause is the unescaped ftype input reflected in the page, enabling injection of arbitrary scripts. Documents do not provide exploitation status, in-the-wild details, or specific reme...
Cross site scripting
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter...
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
Cross site scripting
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
CVE-2018-18578
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter...
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
CVE-2018-18579
DedeCMS 5.7 SP2 is affected by a reflected XSS vulnerability in the /member/pm.php endpoint, exploitable via the folder parameter. The vulnerable component is DedeCMS’s web interface; input in the folder parameter can be reflected back to the user, enabling arbitrary script/HTML execution in a us...
Cross site scripting
DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedbackajax.php...
CVE-2018-16784
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "file type='file' name='../" substring...
CVE-2018-16784
DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "file type='file' name='../" substring...