2 matches found
CVE-2018-18579
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter...
CVE-2018-18579
DedeCMS 5.7 SP2 is affected by a reflected XSS vulnerability in the /member/pm.php endpoint, exploitable via the folder parameter. The vulnerable component is DedeCMS’s web interface; input in the folder parameter can be reflected back to the user, enabling arbitrary script/HTML execution in a us...