Crosscom Olicom: >> Discuz Security Vulnerabilities
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.
CVSS Score
7.5
EPSS Score
0.022
Published
2005-08-17
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
CVSS Score
6.8
EPSS Score
0.025
Published
2004-11-23