PT-2023-31246 · Dedecms · Dedecms

Hebing123

Published

2023-12-07

Updated

2023-12-12

CVE-2023-49493

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.111

Description A reflective cross-site scripting (XSS) issue was discovered in DedeCMS. The vulnerability is exploited via the v parameter at the "selectimages.php" endpoint. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized actions on behalf of the user.

Recommendations For DedeCMS version 5.7.111, as a temporary workaround, consider restricting access to the "selectimages.php" endpoint or disabling the v parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-49493

Affected Products

Dedecms

PT-2023-31246 · Dedecms · Dedecms

CVE-2023-49493

Weakness Enumeration

Related Identifiers

Affected Products

References · 6