Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dedecms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-36496
DedeCMS v7.5 SP2 exists to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Dedecms Dedecms 7.5
9.8
CVSSv3
CVE-2023-40784
DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.
Dedecms Dedecms 5.7.102
5.4
CVSSv3
CVE-2020-27533
A Cross Site Scripting (XSS) issue exists in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
Dedecms Dedecms 5.8
7.2
CVSSv3
CVE-2022-40886
DedeCMS 5.7.98 has a file upload vulnerability in the background.
Dedecms Dedecms 5.7.98
1 Github repository
8.8
CVSSv3
CVE-2023-43275
Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows malicious users to create crafted web pages due to a lack of verification of the token value of the submitted form.
Dedecms Dedecms 5.7
6.5
CVSSv3
CVE-2019-10014
In DedeCMS 5.7SP2, member/resetpassword.php allows remote authenticated users to reset the passwords of arbitrary users via a modified id parameter, because the key parameter is not properly validated.
Dedecms Dedecms 5.7
9.8
CVSSv3
CVE-2023-3578
A vulnerability classified as critical was found in DedeCMS 5.7.109. Affected by this vulnerability is an unknown functionality of the file co_do.php. The manipulation of the argument rssurl leads to server-side request forgery. The exploit has been disclosed to the public and ma...
Dedecms Dedecms 5.7.109
5.4
CVSSv3
CVE-2022-48140
DedeCMS v5.7.97 exists to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.
Dedecms Dedecms 5.7.97
5.4
CVSSv3
CVE-2023-48068
DedeCMS v6.2 exists to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php.
Dedecms Dedecms 6.2
8.8
CVSSv3
CVE-2023-36298
DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).
Dedecms Dedecms 5.7.109
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »