First published: Mon Oct 22 2018
Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Dedecms v6 | =5.7-sp2 | |
CVE-2018-18579 is considered a medium severity reflected XSS vulnerability.
CVE-2018-18579 affects DedeCMS 5.7 SP2 by allowing attackers to inject malicious scripts via the 'folder' parameter in the /member/pm.php endpoint.
To fix CVE-2018-18579, ensure that user inputs are properly validated and sanitized before being processed by the application.
Yes, CVE-2018-18579 can be easily exploited by an attacker with knowledge of the application's URL structure.
Users of DedeCMS 5.7 SP2 should apply security patches and stay updated with the latest available version to mitigate risks associated with CVE-2018-18579.