CVE-2024-12183: DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting
First published: Wed Dec 04 2024(Updated: )
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dedecms v6 | <5.7.116 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-12183?
CVE-2024-12183 is classified as a problematic vulnerability.
How do I fix CVE-2024-12183?
To fix CVE-2024-12183, update DedeCMS to a version newer than 5.7.116.
What type of vulnerability is CVE-2024-12183?
CVE-2024-12183 is a Cross Site Scripting (XSS) vulnerability.
Which component is affected by CVE-2024-12183?
CVE-2024-12183 affects the HTTP POST Request Handler in DedeCMS.
In which file is CVE-2024-12183 located?
CVE-2024-12183 is located in the file /plus/carbuyaction.php.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/dedecms
- canonical/dedecms v6