PT-2021-7902 · Cksource · Ckeditor

Published

2021-10-22

·

Updated

2021-10-28

·

CVE-2020-23044

CVSS v3.1

5.4

Medium

Vector AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

DedeCMS version 7.5 SP2

Description

The file pic view.php component of the DedeCMS content management system does not adequately neutralize user-supplied request data before writing it into the generated web page. A remote attacker can exploit this to conduct cross-site scripting (XSS) attacks. The vulnerability is specifically found in the activepath, keyword, tag, fmdo=x&filename, CKEditor, and CKEditorFuncNum parameters.

Recommendations

For DedeCMS version 7.5 SP2, consider disabling the file pic view.php component until a patch is available to prevent exploitation of the XSS vulnerability via the activepath, keyword, tag, fmdo=x&filename, CKEditor, and CKEditorFuncNum parameters. Restrict access to these parameters in the component to minimize the risk of XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
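The following is an added example, not DedeCMS code and not the vulnerable component itself. It contrasts the general pattern behind this class of bug (request parameters written straight into HTML and script output) with a hardened form that encodes each value for the context it lands in and validates CKEditorFuncNum as an integer (the CKEditor file browser passes that value back through window.parent.CKEDITOR.tools.callFunction). The function names, the parameter subset used, and the constructed sample request are assumptions for illustration.

```php
<?php
// Added example (not DedeCMS or CKEditor code); function names are hypothetical.

// Encode a value for an HTML text node or double-quoted attribute.
function html_safe(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Encode a value as a JavaScript string literal, safe inside <script>.
function js_safe(string $value): string
{
    $encoded = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES
    );
    return $encoded === false ? '""' : $encoded;
}

// Vulnerable pattern: parameters are interpolated into markup and script as-is.
function render_vulnerable(array $get): string
{
    $activepath = $get['activepath'] ?? '';
    $keyword    = $get['keyword'] ?? '';
    $funcnum    = $get['CKEditorFuncNum'] ?? '';
    return "<input name=\"activepath\" value=\"$activepath\">\n"
         . "<p>Keyword: $keyword</p>\n"
         . "<script>window.parent.CKEDITOR.tools.callFunction($funcnum, '');</script>\n";
}

// Hardened pattern: encode per output context, validate the callback id as an integer.
function render_hardened(array $get): string
{
    $activepath = html_safe($get['activepath'] ?? '');
    $keyword    = html_safe($get['keyword'] ?? '');
    $funcnum    = filter_var(
        $get['CKEditorFuncNum'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    if ($funcnum === false) {
        $funcnum = 0; // reject anything that is not a non-negative integer
    }
    // Values that must appear inside a JS string go through js_safe(), never html_safe().
    $pathForScript = js_safe($get['activepath'] ?? '');
    return "<input name=\"activepath\" value=\"$activepath\">\n"
         . "<p>Keyword: $keyword</p>\n"
         . "<script>window.parent.CKEDITOR.tools.callFunction($funcnum, $pathForScript);</script>\n";
}

// Constructed sample request: ordinary-looking values that carry HTML metacharacters.
$sample = [
    'activepath'      => '/uploads/"x" <b>',
    'keyword'         => 'a&b <i>',
    'CKEditorFuncNum' => '1; not-a-number',
];

echo "--- vulnerable ---\n", render_vulnerable($sample);
echo "--- hardened ---\n", render_hardened($sample);
```

In the hardened output the quote and angle-bracket characters are rendered as entities, the non-numeric CKEditorFuncNum collapses to 0, and the path passed to the callback becomes a properly quoted JS string literal. This is the property to look for when auditing any handler that echoes the parameters listed in the description.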

Exploit

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-05260
CVE-2020-23044

Affected Products

Ckeditor