| Title | DedeCMS CMS V5.7.118 Cross Site Scripting |
|---|---|
| Description | In DedeCMS V5.7.118, a Cross-Site Scripting (XSS) vulnerability exploitable through the search field functionality, as presented in the action_search.php file, was identified. The flaw occurs due to the lack of proper validation and sanitization of user-supplied data, allowing the injection of malicious JavaScript code. An attacker can exploit this vulnerability by inserting an XSS payload directly into the search field, causing the injected code to be processed and executed in the victim's browser when a request is handled or a response is displayed. As a proof of concept (PoC), the following payload was successfully executed: `<script>alert(1)</script>` Upon submitting this payload through the search functionality, the JavaScript code is successfully executed, resulting in an alert being displayed in the browser, confirming the exploitation of the XSS vulnerability. |
| Source | ⚠️ http://localhost/dedecms/dede/ |
| User | mirandaBR (UID 90010) |
| Submission | 29.01.2026 03:02 (2 months ago) |
| Moderation | 01.02.2026 09:20 (3 days later) |
| Status | Duplicate |
| VulDB Entry | 175098 [DeDeCMS 5.7 SP2 action_search.php keyword Cross Site Scripting] |
| Points | 0 |