Discuz Discuzx
9 CVEs affecting Discuz Discuzx. Latest disclosed: 2024-04-11. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-5377 | Critical | 9.8 | 2018-01-12 | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. |
CVE-2018-5259 | High | 8.8 | 2018-01-08 | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. |
CVE-2024-30884 | High | 7.1 | 2024-04-11 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive inf… |
CVE-2022-45543 | Medium | 6.1 | 2023-02-15 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via th… |
CVE-2018-5376 | Medium | 6.1 | 2018-01-12 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. |
CVE-2018-5375 | Medium | 6.1 | 2018-01-12 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. |
CVE-2018-10298 | Medium | 5.4 | 2018-04-22 | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the co… |
CVE-2018-10297 | Medium | 5.4 | 2018-04-22 | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote image… |
CVE-2018-5331 | Medium | 5.4 | 2018-01-10 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. |