Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
discuzx vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2018-10298
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
Discuz Discuzx
3.5
CVSSv2
CVE-2018-10297
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
Discuz Discuzx
6.8
CVSSv2
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote malicious users to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over wh...
Comsenz Discuzx X3.4
6.5
CVSSv2
CVE-2018-5259
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
Discuz Discuzx X3.4
4.3
CVSSv2
CVE-2018-5375
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
Discuz Discuzx X3.4
4.3
CVSSv2
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
Discuz Discuzx 3.4
7.5
CVSSv2
CVE-2018-5377
Discuz! DiscuzX X3.4 allows remote malicious users to bypass intended access restrictions via the archiver\index.php action parameter.
Discuz Discuzx X3.4
3.5
CVSSv2
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
Discuz Discuzx X3.4
6.8
CVSSv2
CVE-2018-20423
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote malicious users to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
Comsenz Discuzx X3.4
5.8
CVSSv2
CVE-2018-20424
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote malicious users to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
Comsenz Discuzx X3.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »