PT-2021-7901 · Dedecms+1 · Dedecms+1
Published
2021-10-22
·
Updated
2021-10-26
·
CVE-2020-36492
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DedeCMS version 7.5 SP2
Description
The issue is related to the lack of protection measures for the web page structure in the select media.php component of the DedeCMS content management system. This can be exploited by a remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is specifically found in the
activepath, keyword, tag, fmdo=x&filename, CKEditor, and CKEditorFuncNum parameters.Recommendations
For DedeCMS version 7.5 SP2, consider disabling the select media.php component or restricting access to it until a patch is available. As a temporary workaround, avoid using the
activepath, keyword, tag, fmdo=x&filename, CKEditor, and CKEditorFuncNum parameters in the affected component to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ckeditor
Dedecms