Total
8 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5377 | 1 Discuz | 1 Discuzx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | |||||
CVE-2018-5376 | 1 Discuz | 1 Discuzx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | |||||
CVE-2018-5375 | 1 Discuz | 1 Discuzx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | |||||
CVE-2018-5331 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | |||||
CVE-2018-5259 | 1 Discuz | 1 Discuzx | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | |||||
CVE-2018-10298 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | |||||
CVE-2018-10297 | 1 Discuz | 1 Discuzx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | |||||
CVE-2022-45543 | 1 Discuz | 1 Discuzx | 2024-02-28 | N/A | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. |