CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2026-10608

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2026-10608 DedeCMS carbuyaction.php RemoveXSS sql injection

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

EUVD-2026-33997

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...

CVE-2026-10608

This CVE affects DedeCMS 5.7.88 and the vulnerable component is the function RemoveXSS in the file /plus/carbuyaction.php . The root cause is described as manipulation of the arguments postname/des leading to an SQL injection vulnerability. The impact is described as enabling remote exploitation ...

EUVD-2018-8559

Malware in sbrugna...

EUVD-2022-1806

Malicious code in bioql PyPI...

CVE-2010-3715

Multiple cross-site scripting XSS vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the RemoveXSS function, and allow remote authenticated users to inject arbitrary web...

CVE-2024-12183

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...

CVE-2024-12183 DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...

CVE-2024-12183 DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Th...

DesDev DedeCMS 代码注入漏洞

DesDev DedeCMS Dream Weaving Content Management System is a PHP-based open source content management system CMS from China Zhuozhuo DesDev. The system has content publishing, content management, content editing and content retrieval functions. A code injection vulnerability exists in DesDev DedeC...

PT-2024-17475 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting the RemoveXSS function of the file /plus/carbuyaction.php in the HTTP POST Request Handler component. This leads to cross-site scripting attacks,...

TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend

Multiple cross-site scripting XSS vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the RemoveXSS function, and allow remote authenticated users to inject arbitrary web...

GHSA-MWQV-JFF6-5V62 TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend

Multiple cross-site scripting XSS vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the RemoveXSS function, and allow remote authenticated users to inject arbitrary web...

GHSA-W3V6-R62R-FVQH Typo3 API XSS Vulnerabilities

The t3libdiv::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting XSS protection mechanism and inject arbitrary web script or HTML via non printable characters...

Typo3 XSS in RemoveXSS function

Cross-site Scripting XSS in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function...

GHSA-Q22W-R5QQ-V3WF Typo3 XSS in RemoveXSS function

Cross-site Scripting XSS in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function...

CVE-2011-4903

Cross-site Scripting XSS in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function...

CVE-2011-4903

Cross-site Scripting XSS in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function...