CVE-2020-23046

DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt