Home / Early Warning / Vulnerabilidades / CVE-2020-36496

CVE-2020-36496

Type: 
Cross-Site Scripting (XSS)
Severity: 
Medium
Publication date: 
10/22/2021
Last modified: 
10/26/2021
Description
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
Impact
Access Vector: Through network
Access Complexity: Media
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + No impact on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:a:dedecms:dedecms:7.5:sp2:*:*:*:*:*:*
To consult the complete list of products and versions see this page
References to Advisories, Solutions, and Tools
Explanation of fields