DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-10-23T18:00:00Z

Updated: 2024-09-16T20:43:38.503Z

Reserved: 2018-10-23T00:00:00Z

Link: CVE-2018-18608

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-10-23T18:29:00.253

Modified: 2024-11-21T03:56:14.543

Link: CVE-2018-18608

cve-icon Redhat

No data.