Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/myfriend.php ftype parameter.

DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php.

Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter.

DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.

DedeCMS 5.7 SP2 allows XSS via an onhashchange attribute in the msg parameter to /plus/feedback_ajax.php.

DedeCMS 5.7 SP2 allows XML injection, and resultant remote code execution, via a "<file type='file' name='../" substring.

XML injection vulnerability exists in the file of DedeCMS V5.7 SP2 version, which can be utilized by attackers to create script file to obtain webshell

axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp.

The mintToken function of a smart contract implementation for DECToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.

The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.