CVE-2023-40875

Summary

CVE-2023-40875 is a newly identified vulnerability affecting DedeCMS versions up to and including 5.7.110. The issue involves multiple cross-site scripting (XSS) weaknesses located at /dede/vote_edit.php. These vulnerabilities can be exploited by malicious actors via the votename and votenote parameters, posing a significant security risk to affected websites. Successful exploitation could allow attackers to inject malicious code and potentially gain unauthorized access to user sessions or sensitive data. System administrators are strongly advised to update their DedeCMS installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.