First published: Mon Oct 22 2018
DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dedecms v6 | =5.7-sp2 | |
The severity of CVE-2018-18578 is considered medium due to its potential for reflected cross-site scripting (XSS) attacks.
To fix CVE-2018-18578, ensure that proper input validation and sanitization measures are implemented on the plus/qrcode.php type parameter.
CVE-2018-18578 affects users of DedeCMS version 5.7 SP2.
CVE-2018-18578 is a reflected cross-site scripting (XSS) vulnerability.
If exploited, CVE-2018-18578 can lead to data theft and compromise of user sessions.
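A detection-side check for the issue described above, added here as an example and not part of the original advisory or of DedeCMS: it scans web access logs for requests to plus/qrcode.php whose type value, after percent-decoding, contains anything other than a short plain token. The combined log format, the allowlist pattern, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate type values are short tokens of letters, digits, _ and -.
SAFE_TYPE_RE = re.compile(r'\A[A-Za-z0-9_-]{0,32}\Z')
TARGET_SUFFIX = "/plus/qrcode.php"

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C) up to a bounded depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_type_values(line):
    """Return the decoded type values in one log line that fail the allowlist."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith(TARGET_SUFFIX):
        return []
    # parse_qs decodes once; fully_decode handles double-encoded values.
    values = parse_qs(url.query, keep_blank_values=True).get("type", [])
    decoded = [fully_decode(v) for v in values]
    return [v for v in decoded if not SAFE_TYPE_RE.match(v)]

def scan(lines):
    """Yield (line_number, offending_values) for each flagged log line."""
    for number, line in enumerate(lines, start=1):
        bad = suspicious_type_values(line)
        if bad:
            yield number, bad

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [22/Oct/2018:10:00:01 +0000] "GET /plus/qrcode.php?id=7&type=arc HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/Oct/2018:10:00:07 +0000] "GET /plus/qrcode.php?id=7&type=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [22/Oct/2018:10:00:09 +0000] "GET /plus/qrcode.php?type=%2522%253E%253Ci%253E HTTP/1.1" 200 530',
    '203.0.113.5 - - [22/Oct/2018:10:00:12 +0000] "GET /plus/search.php?type=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious type value(s): {bad}")
```

The same allowlist idea applies on the server side: reject or encode any type value that is not a plain token before it reaches the page output.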