5 matches found
EUVD-2026-33997
A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of the argument postname/des results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be used f...
PT-2024-17475 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting the RemoveXSS function of the file /plus/carbuyaction.php in the HTTP POST Request Handler component. This leads to cross-site scripting attacks,...
Dedecms stored cross-site scripting vulnerability
Vulnerability description: Dedecms is an open source PHP website management system. The Dedecms member function carbuyaction.php has a stored XSS vulnerability in the address, des, email and postname parameters; an attacker may exploit the vulnerability to obtain the administrator cooki...
DedeCms 5.6 /plus/carbuyaction.php local file inclusion vulnerability
No description provided by source...
织梦 (Dedecms) V5.6 plus/carbuyaction.php local file inclusion vulnerability
No description provided by source. http://www.ssvdb.com/plus/carbuyaction.php?dopost=return&code=../../...