Cross-Site Scripting Vulnerability in DedeCMS SWF File Handler
CVE-2024-12181
Summary
CVE-2024-12181 is a critical vulnerability in DedeCMS version 5.7.116, affecting the SWF file handler component at /member/uploads_add.php. The flaw allows cross-site scripting (XSS): a remote attacker can trigger it by manipulating the 'mediatype' argument, causing script to execute in the context of the victim user's browser. Because details of the exploit have been publicly disclosed, organizations running DedeCMS should take immediate action to mitigate the risk.
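The mitigation for a reflected parameter like 'mediatype' is to validate it on input against an allow-list and escape it on output. The following PHP is an added illustration, not DedeCMS code and not the patched handler: it assumes a hypothetical upload form handler that reads `mediatype` from the request and echoes it back into the page, and the allow-list values are constructed for the example.

```php
<?php
// Added illustration, not DedeCMS code: hardened handling of a "mediatype"
// request parameter in a hypothetical upload form handler.

// Allow-list of media types the form is expected to handle (constructed values).
const ALLOWED_MEDIATYPES = ['image', 'flash', 'media', 'addon'];

/**
 * Return the validated media type, or null when the input is not on the allow-list.
 * Validating on input means an unexpected value never reaches a template.
 */
function validate_mediatype($raw): ?string
{
    if (!is_string($raw)) {
        return null;
    }
    return in_array($raw, ALLOWED_MEDIATYPES, true) ? $raw : null;
}

/**
 * Escape a value for insertion into HTML text or a double-quoted attribute.
 * ENT_QUOTES also encodes single quotes; the charset is stated explicitly.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Request handling (hypothetical): reject unknown values instead of reflecting them.
$mediatype = validate_mediatype($_GET['mediatype'] ?? null);
if ($mediatype === null) {
    http_response_code(400);
    exit('Invalid mediatype');
}

// Even an allow-listed value is escaped on output, so the two defences are independent:
// a later change to the allow-list cannot silently reintroduce an injection point.
echo '<input type="hidden" name="mediatype" value="' . html_escape($mediatype) . '">';
```

The allow-list is the primary control here because 'mediatype' is a fixed set of choices, not free text; output escaping remains in place so that the page is safe even if the validation step is bypassed or removed in a future edit.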
Affected Version(s)
DedeCMS 5.7.116
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published