CVE-2020-27533

MEDIUM

DedeCMS <5.8 - XSS

Title source: llm

Description

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

Exploits (1)

exploitdb WORKING POC

by Noth · textwebappsphp

https://www.exploit-db.com/exploits/48974

View Code ZIP pw:eip

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/dedetech/issues/issues/16

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159772/DedeCMS-5.8-Cross-Site-Scripting.html

Scores

CVSS v3 5.4

EPSS 0.0073

EPSS Percentile 72.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

dedecms/dedecms 5.8

Published Oct 22, 2020

Tracked Since Feb 18, 2026