Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local malicious user to execute arbitrary code via a crafted payload to the stepselect_main.php component.