CVE-2018-16786
CVE-2018-16786 concerns DedeCMS 5.7 SP2, where a Cross-Site Scripting (XSS) flaw exists in the /plus/feedback_ajax.php file. The vulnerability is triggered via an onhashchange attribute in the msg parameter, allowing arbitrary JavaScript execution in the context of the affected user. The availabl...