CVE-2023-49492

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.111

Description A reflective cross-site scripting (XSS) issue was discovered in DedeCMS. The vulnerability is exploited via the imgstick parameter at the "selectimages.php" endpoint. This allows for malicious scripts to be injected and executed, potentially leading to unauthorized actions on the affected system.

Recommendations For DedeCMS version 5.7.111, as a temporary workaround, consider restricting access to the "selectimages.php" endpoint or disabling the use of the imgstick parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.