CVE-2024-12183

Name of the Vulnerable Software and Affected Versions DedeCMS version 5.7.116

Description A problematic vulnerability was found in DedeCMS, affecting the RemoveXSS function of the file /plus/carbuyaction.php in the HTTP POST Request Handler component. This leads to cross-site scripting attacks, which can be initiated remotely. The exploit has been publicly disclosed.

Recommendations For DedeCMS version 5.7.116, as a temporary workaround, consider disabling the RemoveXSS function until a patch is available. Restrict access to the /plus/carbuyaction.php file to minimize the risk of exploitation. Avoid using the HTTP POST Request Handler component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.