CVE-2023-40877

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 24, 2023
Updated: Aug 25, 2023
CWE ID 79

Summary

CVE-2023-40877: A cross-site scripting (XSS) vulnerability was identified in DedeCMS versions up to and including 5.7.110. Hackers can exploit this flaw by injecting malicious code through the title parameter in the /dede/freelist_edit.php file. Successful exploitation could lead to unintended execution of malicious scripts in users' browsers, potentially compromising their data or exposing sensitive information. It is highly recommended that affected users update their DedeCMS installations to the latest version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share