CVE-2023-40874

Summary

CVE-2023-40874 is a recently disclosed vulnerability affecting DedeCMS versions up to 5.7.110. The issue involves multiple cross-site scripting (XSS) vulnerabilities located at /dede/vote_add.php. These vulnerabilities can be exploited through the manipulation of the votename and voteitem1 parameters, potentially enabling attackers to inject malicious scripts into unsuspecting users' browsers. Successful exploitation could lead to sessions being hijacked, sensitive information being accessed, or other unintended actions. It is highly recommended that affected systems be updated to the latest version of DedeCMS to mitigate these risks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.