CVE-2020-36493: XSS
First published: Fri Oct 22 2021(Updated: )
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms Dedecms | =7.5-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-36493?
CVE-2020-36493 is a vulnerability found in DedeCMS v7.5 SP2 that allows for multiple cross-site scripting (XSS) attacks.
How severe is CVE-2020-36493?
CVE-2020-36493 has a severity rating of 5.4 (Medium).
Which component of DedeCMS is affected by CVE-2020-36493?
The component media_main.php is affected by CVE-2020-36493.
What are the parameters affected by CVE-2020-36493?
The parameters affected by CVE-2020-36493 are 'activepath', 'keyword', 'tag', 'fmdo=x&filename', 'CKEditor', and 'CKEditorFuncNum'.
Is there a fix available for CVE-2020-36493?
Currently, there is no known fix for CVE-2020-36493. It is recommended to update to a patched version when available or apply any relevant patches provided by the vendor.
- collector/nvd-index
- vendor/dedecms
- canonical/dedecms dedecms
- version/dedecms dedecms/7.5-sp2