CVE-2023-40877
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Aug 24, 2023
Updated: Aug 25, 2023
CWE ID 79
Summary
CVE-2023-40877: A cross-site scripting (XSS) vulnerability was identified in DedeCMS versions up to and including 5.7.110. Hackers can exploit this flaw by injecting malicious code through the title parameter in the /dede/freelist_edit.php file. Successful exploitation could lead to unintended execution of malicious scripts in users' browsers, potentially compromising their data or exposing sensitive information. It is highly recommended that affected users update their DedeCMS installations to the latest version as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- DedeCMS
Affected Vendors
- DedeCMS