Discuz: >> Discuzx >> 3.4 Security Vulnerabilities
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.
CVSS Score
7.1
EPSS Score
0.003
Published
2024-04-11
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-02-15
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-22
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-22
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
CVSS Score
6.1
EPSS Score
0.003
Published
2018-01-12