CVE-2020-16632

Name of the Vulnerable Software and Affected Versions DedeCMS version V5.7 SP2

Description A XSS issue in the "/uploads/dede/action search.php" endpoint allows an authenticated user to execute remote arbitrary code via the keyword parameter.

Recommendations For DedeCMS version V5.7 SP2, as a temporary workaround, consider restricting access to the "/uploads/dede/action search.php" endpoint until a patch is available. Avoid using the keyword parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.