CVE-2024-12181— DedeCMS SWF File uploads_add.php cross site scripting

CVSS 3.5 · Low EPSS 0.12% · P31 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-12181

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

DedeCMS SWF File uploads_add.php cross site scripting

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

DesDev DedeCMS 代码注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

DesDev DedeCMS（织梦内容管理系统）是中国卓卓（DesDev）公司的一套基于PHP的开源内容管理系统（CMS）。该系统具有内容发布、内容管理、内容编辑和内容检索等功能。 DesDev DedeCMS 5.7.116版本存在代码注入漏洞，该漏洞源于参数mediatype容易受到跨站脚本攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	DedeCMS	5.7.116	-

II. Public POCs for CVE-2024-12181

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-12181

请登录查看更多情报信息。

DedeCMS V5.7.116 Stored XSS Vulnerability · Issue #77 · Hebing123/cveexploitissue-tracking
CVE-2024-12181 DedeCMS SWF File uploads_add.php cross site scriptingsignaturepermissions-required
Submit #452983: DedeCMS V5.7.116 Cross Site Scriptingthird-party-advisory
CVE-2024-12181 DedeCMS SWF File uploads_add.php cross site scriptingvdb-entrytechnical-description
https://nvd.nist.gov/vuln/detail/CVE-2024-12181

Same Patch Batch · n/a · 2024-12-04 · 16 CVEs total

CVE-2024-12138	6.3 MEDIUM	horilla create_skills deserialization
CVE-2024-12180	3.5 LOW	DedeCMS article_add.php cross site scripting
CVE-2024-12182	3.5 LOW	DedeCMS soft_add.php cross site scripting
CVE-2024-12183	3.5 LOW	DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting
CVE-2024-37574		GriceMobile com.grice.call 安全漏洞
CVE-2024-37575		Mister org.mistergroup.shouldianswer 安全漏洞
CVE-2024-48453		INOVANCE AM401-CPU1608TPTN 安全漏洞
CVE-2024-39163		pyspider 安全漏洞
CVE-2024-39219		Aginode GigaSwitch 安全漏洞
CVE-2024-50947		KMQTT 安全漏洞
CVE-2024-51210		Firepad 安全漏洞
CVE-2024-54675		MISP 安全漏洞
CVE-2024-54674		MISP 安全漏洞
CVE-2024-53614		Thinkware Cloud APK 安全漏洞
CVE-2024-52676		Itsourcecode Online Discussion Forum Project 安全漏洞

IV. Related Vulnerabilities

Same product: DedeCMS

Same vendor: n/a

Same weakness: CWE-79

V. Comments for CVE-2024-12181

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-12181— DedeCMS SWF File uploads_add.php cross site scripting

I. Basic Information for CVE-2024-12181

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-12181

III. Intelligence Information for CVE-2024-12181

Same Patch Batch · n/a · 2024-12-04 · 16 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-12181

Leave a comment