CVE-2023-49493

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.111

Description A reflective cross-site scripting (XSS) issue was discovered in DedeCMS. The vulnerability is exploited via the v parameter at the "selectimages.php" endpoint. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user.

Recommendations For DedeCMS version 5.7.111, as a temporary workaround, consider restricting access to the "selectimages.php" endpoint or disabling the v parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.