Dedecms · Dedecms · CVE-2022-36583
**Name of the Vulnerable Software and Affected Versions**
DedeCMS version 5.7.97
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities at the `/dede/co_do.php` endpoint, reachable via the `dopost`, `rpok`, and `aid` parameters.
**Recommendations**
For DedeCMS version 5.7.97, consider disabling access to the `/dede/co_do.php` endpoint until a patch is available. As a temporary workaround, restrict the use of the `dopost`, `rpok`, and `aid` parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
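
While the endpoint stays reachable, web server access logs can be reviewed for requests that put unexpected values into these parameters. The following is an added example, not DedeCMS code: the path `/dede/co_do.php` and the three parameter names come from this advisory, while the allowlists (digits for `aid`, identifier-like tokens for `dopost` and `rpok`), the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ENDPOINT = "/dede/co_do.php"  # path named in the advisory
# Assumed allowlists (not taken from DedeCMS): numeric id, identifier-like tokens.
ALLOWED = {
    "aid": re.compile(r"[0-9]{1,10}"),
    "dopost": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "rpok": re.compile(r"[A-Za-z0-9_]{1,32}"),
}
# Request line inside a combined-format access log entry.
# Only query-string values are visible here; POST bodies are not logged.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return sorted names of watched parameters whose decoded value fails its allowlist."""
    parts = urlsplit(target)
    if parts.path.lower() != ENDPOINT:
        return []
    bad = set()
    for name, value in parse_qsl(parts.query):  # parse_qsl percent-decodes values
        rule = ALLOWED.get(name)
        if rule and not rule.fullmatch(value):
            bad.add(name)
    return sorted(bad)

def scan(lines):
    """Yield (line_number, [parameter names]) for log lines that warrant review."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            bad = suspicious_params(match.group(1))
            if bad:
                yield number, bad

# Constructed sample log lines (not real traffic); markup in values is inert.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Sep/2022:10:00:00 +0000] "GET /dede/co_do.php?dopost=example&aid=12 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Sep/2022:10:00:05 +0000] "GET /dede/co_do.php?dopost=example&aid=12%22%3E%3Cb%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Sep/2022:10:00:09 +0000] "GET /index.php?aid=%3Cb%3E HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Sep/2022:10:00:12 +0000] "GET /dede/co_do.php?rpok=%3Cb%3Eok&dopost=a%27b HTTP/1.1" 200 601',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: review parameters {', '.join(bad)}")
```

The same allowlist can be enforced in front of the application (for example in a reverse proxy rule) once the values the site legitimately uses have been confirmed.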