DedeCMS V5.7.113 vulnerable to Cross Site Scripting (XSS)
CVE-2024-34959

5.5MEDIUM

Key Information:

Vendor: DedeCMS
Status: Dedecms
Vendor: CVE Published:; 17 May 2024

What is CVE-2024-34959?

DedeCMS version 5.7.113 contains a security vulnerability that allows attackers to execute malicious scripts in the context of a user's session. This Cross Site Scripting (XSS) flaw can be exploited via the sys_data_replace.php file, potentially allowing unauthorized access to sensitive user data and session information. Implementing proper input validation and output encoding can help mitigate the risks associated with this vulnerability. Users of affected versions are advised to update to secure versions and follow recommended security practices to safeguard their web applications.

References

https://gitee.com/upgogo/s123/issues/I9MARO

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 17, 2024