Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
discuz discuzx 3.4