| Title | DedeCMS V5.7.116 Cross Site Scripting |
|---|
| Description | Summary
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the DedeCMS V5.7.116 content management system. The vulnerability exists due to insufficient filtering of the body parameter in the /member/article_add.php script. This issue allows an attacker to inject malicious scripts into articles, potentially compromising the security of the website and its users.
Details
The vulnerability is present in the /member/article_add.php script, which does not adequately sanitize the body parameter.
The filter appears to block only the keyword "script".
An attacker with the ability to register as a member and publish articles can exploit this flaw by injecting malicious scripts into the article content.
These scripts can be executed when other users view the compromised article. |
|---|
| Source | ⚠️ https://github.com/Hebing123/cve/issues/76 |
|---|
| User | jiashenghe (UID 39445) |
|---|
| Submission | 11/27/2024 08:05 (2 years ago) |
|---|
| Moderation | 12/04/2024 17:31 (7 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 286902 [DedeCMS 5.7.116 /member/article_add.php body cross site scripting] |
|---|
| Points | 20 |
|---|