CVE-2022-36583

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.97

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities are located at the /dede/co do.php endpoint via the dopost, rpok, and aid parameters.

Recommendations For DedeCMS version 5.7.97, consider disabling access to the /dede/co do.php endpoint until a patch is available. As a temporary workaround, restrict the use of the dopost, rpok, and aid parameters in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.