Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7 SP2 via onhashchange Attribute in msg Parameter

Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7 SP2 via onhashchange Attribute in msg Parameter

CVE-2018-16786 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.

Learn more about our Cms Pen Testing.