CVE-2020-23046: XSS
First published: Fri Oct 22 2021(Updated: )
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | =7.5-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-23046?
CVE-2020-23046 is a vulnerability in DedeCMS v7.5 SP2 that allows for multiple cross-site scripting (XSS) attacks.
How does CVE-2020-23046 affect DedeCMS?
CVE-2020-23046 affects DedeCMS v7.5 SP2 through cross-site scripting vulnerabilities in the tpl.php component.
What parameters in DedeCMS v7.5 SP2 are vulnerable to cross-site scripting (XSS) attacks?
The 'filename', 'mid', 'userid', and 'templet' parameters in DedeCMS v7.5 SP2 are vulnerable to cross-site scripting (XSS) attacks.
What is the severity of CVE-2020-23046?
CVE-2020-23046 has a severity rating of medium (6.1).
How can I fix CVE-2020-23046 in DedeCMS v7.5 SP2?
To fix CVE-2020-23046 in DedeCMS v7.5 SP2, make sure to implement proper input validation and sanitization to prevent cross-site scripting (XSS) attacks.
- collector/nvd-index
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/7.5-sp2