CVE-2024-29660

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29660
Cross Site Scripting vulnerability in DedeCMS v.5.7 allows a local attacker to execute arbitrary code via a crafted payload to the stepselect_main.php component.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md Broken Link
https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md Broken Link
Configurations

Configuration 1 (hide)

cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*
History

01 Apr 2025, 18:05

Type Values Removed Values Added
References () https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md - () https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md - Broken Link
CPE cpe:2.3:a:dedecms:dedecms:5.7:-:*:*:*:*:*:*
First Time Dedecms dedecms
Dedecms

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md - () https://github.com/ysl1415926/cve/blob/main/DedeCMSv5.7.md -

03 Jul 2024, 01:52

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de Cross-Site Scripting en DedeCMS v.5.7 permite a un atacante local ejecutar código arbitrario a través de un payload manipulado en el componente stepelect_main.php.
CWE CWE-79
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

25 Apr 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-25 17:15

Updated : 2025-04-01 18:05

NVD link : CVE-2024-29660

Mitre link : CVE-2024-29660

CVE.ORG link : CVE-2024-29660

JSON object : View

Products Affected

dedecms

  • dedecms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')