Zchuanwen

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.113 **Description** The issue allows a remote attacker to execute arbitrary code via the `typeid` parameter in the makehtml list action.php component. This is a Cross Site Scripting vulnerability. **Recommendations** For DedeCMS version 5.7.113, consider restricting access to the makehtml list action.php component until a patch is available. As a temporary workaround, avoid using the `typeid` parameter in the affected component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** DedeCMS version 5.7.113 **Description** The issue allows a remote attacker to run arbitrary code via the `mnum` parameter, which is related to a Cross Site Scripting vulnerability. **Recommendations** For DedeCMS version 5.7.113, consider restricting access to the `mnum` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.