| Titel | DedeCMS V5.7.116 Cross Site Scripting |
|---|
| Beschreibung | Summary
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/article_add.php script. This issue allows an attacker to inject malicious scripts into articles, potentially compromising the security of the website and its users.
Details
The vulnerability is present in the /member/article_add.php script, which does not adequately sanitize the body parameter.
It seems to filter script only as a keyword.
image
An attacker with the ability to register as a member and publish articles can exploit this flaw by injecting malicious scripts into the article content.
These scripts can be executed when other users view the compromised article. |
|---|
| Quelle | ⚠️ https://github.com/Hebing123/cve/issues/76 |
|---|
| Benutzer | jiashenghe (UID 39445) |
|---|
| Einreichung | 27.11.2024 08:05 (vor 2 Jahren) |
|---|
| Moderieren | 04.12.2024 17:31 (7 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 286902 [DedeCMS 5.7.116 /member/article_add.php body Cross Site Scripting] |
|---|
| Punkte | 20 |
|---|