CVE-2024-12180

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.116

Description A vulnerability has been found in DedeCMS, affecting an unknown function of the file /member/article add.php. The manipulation of the body argument leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For DedeCMS version 5.7.116, as a temporary workaround, consider disabling the affected function in the /member/article add.php file until a patch is available. Restrict access to the /member/article add.php file to minimize the risk of exploitation. Avoid using the body argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.