Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Dedecms
(Dedecms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 88 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-11 | CVE-2023-49494 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | Dedecms | 6.1 | ||
| 2023-12-07 | CVE-2023-49492 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | Dedecms | 6.1 | ||
| 2023-12-07 | CVE-2023-49493 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | Dedecms | 6.1 | ||
| 2023-11-16 | CVE-2023-43275 | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | Dedecms | 8.8 | ||
| 2023-11-13 | CVE-2023-48068 | DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | Dedecms | 5.4 | ||
| 2023-09-28 | CVE-2023-43226 | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | Dedecms | 8.8 | ||
| 2023-09-12 | CVE-2023-40784 | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | Dedecms | 9.8 | ||
| 2023-08-24 | CVE-2023-40874 | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | Dedecms | 5.4 | ||
| 2023-08-24 | CVE-2023-40875 | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | Dedecms | 5.4 | ||
| 2023-08-24 | CVE-2023-40876 | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | Dedecms | 5.4 |