CVE-2020-36490

Name of the Vulnerable Software and Affected Versions DedeCMS version 7.5 SP2

Description The issue is related to multiple cross-site scripting (XSS) vulnerabilities in the file manage view.php component. These vulnerabilities can be exploited via the activepath, keyword, tag, fmdo=x&filename, CKEditor, and CKEditorFuncNum parameters. The exploitation of this issue may allow a remote attacker to conduct XSS attacks, which can lead to the execution of malicious scripts on the victim's browser.

Recommendations For DedeCMS version 7.5 SP2, as a temporary workaround, consider disabling the file manage view.php component until a patch is available. Restrict access to the vulnerable parameters activepath, keyword, tag, fmdo=x&filename, CKEditor, and CKEditorFuncNum to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.