Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discuz discuzx vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-10297
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
Discuz Discuzx
5.4
CVSSv3
CVE-2018-10298
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
Discuz Discuzx
8.8
CVSSv3
CVE-2018-5259
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
Discuz Discuzx X3.4
5.4
CVSSv3
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
Discuz Discuzx X3.4
6.1
CVSSv3
CVE-2022-45543
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows malicious users to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
Discuz Discuzx 3.4
1 Github repository
6.1
CVSSv3
CVE-2018-5375
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
Discuz Discuzx X3.4
9.8
CVSSv3
CVE-2018-5377
Discuz! DiscuzX X3.4 allows remote malicious users to bypass intended access restrictions via the archiver\index.php action parameter.
Discuz Discuzx X3.4
6.1
CVSSv3
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
Discuz Discuzx 3.4
5.9
CVSSv3
CVE-2018-20424
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote malicious users to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
Comsenz Discuzx X3.4
8.1
CVSSv3
CVE-2018-20423
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote malicious users to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
Comsenz Discuzx X3.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »