CVE-2020-16632: XSS
First published: Fri May 14 2021(Updated: )
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | =5.7-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this XSS vulnerability?
The vulnerability ID is CVE-2020-16632.
What is the affected software version of this vulnerability?
The affected software version is DedeCMS 5.7 SP2.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by sending a specially crafted keyword parameter to the /uploads/dede/action_search.php page.
What is the severity rating of this vulnerability?
The severity rating for this vulnerability is medium with a CVSS score of 5.4.
Is there a fix available for this vulnerability?
At the moment, there is no official fix available. It is recommended to apply any available patches or updates provided by the vendor to mitigate the risk.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/weakness
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/5.7-sp2