OpenCVE

Filtered by vendor Discuz Subscriptions

Filtered by product Discuzx Subscriptions

Total 8 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-45543	1 Discuz	1 Discuzx	2024-11-21	6.1 Medium
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
CVE-2018-5377	1 Discuz	1 Discuzx	2024-11-21	N/A
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
CVE-2018-5376	1 Discuz	1 Discuzx	2024-11-21	6.1 Medium
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
CVE-2018-5375	1 Discuz	1 Discuzx	2024-11-21	N/A
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
CVE-2018-5331	1 Discuz	1 Discuzx	2024-11-21	N/A
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
CVE-2018-5259	1 Discuz	1 Discuzx	2024-11-21	N/A
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
CVE-2018-10298	1 Discuz	1 Discuzx	2024-11-21	N/A
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
CVE-2018-10297	1 Discuz	1 Discuzx	2024-11-21	N/A
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.

Page 1 of 1.