CVE-2018-18578by Jeremyin Security Bulletinson Posted on October 22, 2018 DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter.