Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7 SP2 via GetPageList Function

Cross-Site Scripting (XSS) Vulnerability in DedeCMS 5.7 SP2 via GetPageList Function

CVE-2018-18608 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.

Learn more about our Cms Pen Testing.