Search
Find a vulnerability
Search criteria
18 vulnerabilities found for discuzx by discuz
CVE-2024-30884 (GCVE-0-2024-30884)
Vulnerability from nvd – Published: 2024-04-11 00:00 – Updated: 2024-08-02 01:39
VLAI
Summary
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codersclub | discuz\!ml |
Affected:
3.4_20220811
cpe:2.3:a:codersclub:discuz\!ml:3.4_20220811:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codersclub:discuz\\!ml:3.4_20220811:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "discuz\\!ml",
"vendor": "codersclub",
"versions": [
{
"status": "affected",
"version": "3.4_20220811"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T17:48:47.840221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T17:51:43.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:39:00.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Hebing123/cve/issues/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-11T05:05:52.281Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Hebing123/cve/issues/28"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30884",
"datePublished": "2024-04-11T00:00:00.000Z",
"dateReserved": "2024-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T01:39:00.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45543 (GCVE-0-2022-45543)
Vulnerability from nvd – Published: 2023-02-15 00:00 – Updated: 2025-03-19 17:58
VLAI
Summary
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45543",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:58:05.740191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:58:10.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45543",
"datePublished": "2023-02-15T00:00:00.000Z",
"dateReserved": "2022-11-21T00:00:00.000Z",
"dateUpdated": "2025-03-19T17:58:10.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10298 (GCVE-0-2018-10298)
Vulnerability from nvd – Published: 2018-04-22 15:00 – Updated: 2024-09-16 18:49
VLAI
Summary
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://laworigin.github.io/2018/04/22/Discuz-x-p… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post\u0026action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post\u0026action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/",
"refsource": "MISC",
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10298",
"datePublished": "2018-04-22T15:00:00.000Z",
"dateReserved": "2018-04-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:41.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10297 (GCVE-0-2018-10297)
Vulnerability from nvd – Published: 2018-04-22 15:00 – Updated: 2024-09-16 17:34
VLAI
Summary
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://laworigin.github.io/2018/04/22/Discuz-x-p… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:06.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp\u0026ac=article URI, related to mishandling of IMG elements associated with remote images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp\u0026ac=article URI, related to mishandling of IMG elements associated with remote images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/",
"refsource": "MISC",
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10297",
"datePublished": "2018-04-22T15:00:00.000Z",
"dateReserved": "2018-04-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:34:08.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5377 (GCVE-0-2018-5377)
Vulnerability from nvd – Published: 2018-01-12 09:00 – Updated: 2024-09-16 19:00
VLAI
Summary
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=36 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\\index.php action parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\\index.php action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=36",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5377",
"datePublished": "2018-01-12T09:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:00:39.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5376 (GCVE-0-2018-5376)
Vulnerability from nvd – Published: 2018-01-12 09:00 – Updated: 2024-09-17 00:32
VLAI
Summary
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=35 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_upload.php op parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_upload.php op parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=35",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5376",
"datePublished": "2018-01-12T09:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:32:20.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5375 (GCVE-0-2018-5375)
Vulnerability from nvd – Published: 2018-01-12 09:00 – Updated: 2024-09-17 01:41
VLAI
Summary
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=34 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_space.php appid parameter in a delete action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_space.php appid parameter in a delete action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=34",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5375",
"datePublished": "2018-01-12T09:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:41:40.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5331 (GCVE-0-2018-5331)
Vulnerability from nvd – Published: 2018-01-10 09:00 – Updated: 2024-08-05 05:33
VLAI
Summary
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=32 | x_refsource_MISC |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=32",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5331",
"datePublished": "2018-01-10T09:00:00.000Z",
"dateReserved": "2018-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5259 (GCVE-0-2018-5259)
Vulnerability from nvd – Published: 2018-01-08 09:00 – Updated: 2024-08-05 05:33
VLAI
Summary
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA | x_refsource_MISC |
| http://www.whsgwl.net/text.php?textid=3 | x_refsource_MISC |
Date Public
2018-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA",
"refsource": "MISC",
"url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
},
{
"name": "http://www.whsgwl.net/text.php?textid=3",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5259",
"datePublished": "2018-01-08T09:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-30884 (GCVE-0-2024-30884)
Vulnerability from cvelistv5 – Published: 2024-04-11 00:00 – Updated: 2024-08-02 01:39
VLAI
Summary
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.
Severity
7.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| codersclub | discuz\!ml |
Affected:
3.4_20220811
cpe:2.3:a:codersclub:discuz\!ml:3.4_20220811:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:codersclub:discuz\\!ml:3.4_20220811:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "discuz\\!ml",
"vendor": "codersclub",
"versions": [
{
"status": "affected",
"version": "3.4_20220811"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-30884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T17:48:47.840221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T17:51:43.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:39:00.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Hebing123/cve/issues/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-11T05:05:52.281Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Hebing123/cve/issues/28"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-30884",
"datePublished": "2024-04-11T00:00:00.000Z",
"dateReserved": "2024-03-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T01:39:00.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-45543 (GCVE-0-2022-45543)
Vulnerability from cvelistv5 – Published: 2023-02-15 00:00 – Updated: 2025-03-19 17:58
VLAI
Summary
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:17:03.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45543",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-19T17:58:05.740191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:58:10.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://srpopty.github.io/2023/02/15/Vulnerability-Discuz-X3.4-Reflected-XSS-%28CVE-2022-45543%29/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45543",
"datePublished": "2023-02-15T00:00:00.000Z",
"dateReserved": "2022-11-21T00:00:00.000Z",
"dateUpdated": "2025-03-19T17:58:10.052Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10297 (GCVE-0-2018-10297)
Vulnerability from cvelistv5 – Published: 2018-04-22 15:00 – Updated: 2024-09-16 17:34
VLAI
Summary
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://laworigin.github.io/2018/04/22/Discuz-x-p… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:06.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp\u0026ac=article URI, related to mishandling of IMG elements associated with remote images."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp\u0026ac=article URI, related to mishandling of IMG elements associated with remote images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/",
"refsource": "MISC",
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10297",
"datePublished": "2018-04-22T15:00:00.000Z",
"dateReserved": "2018-04-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:34:08.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10298 (GCVE-0-2018-10298)
Vulnerability from cvelistv5 – Published: 2018-04-22 15:00 – Updated: 2024-09-16 18:49
VLAI
Summary
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://laworigin.github.io/2018/04/22/Discuz-x-p… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.303Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post\u0026action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-22T15:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post\u0026action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/",
"refsource": "MISC",
"url": "https://laworigin.github.io/2018/04/22/Discuz-x-portal-Stored-XSS/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10298",
"datePublished": "2018-04-22T15:00:00.000Z",
"dateReserved": "2018-04-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:49:41.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5375 (GCVE-0-2018-5375)
Vulnerability from cvelistv5 – Published: 2018-01-12 09:00 – Updated: 2024-09-17 01:41
VLAI
Summary
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=34 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=34"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_space.php appid parameter in a delete action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=34"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_space.php appid parameter in a delete action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=34",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=34"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5375",
"datePublished": "2018-01-12T09:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:41:40.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5376 (GCVE-0-2018-5376)
Vulnerability from cvelistv5 – Published: 2018-01-12 09:00 – Updated: 2024-09-17 00:32
VLAI
Summary
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=35 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=35"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_upload.php op parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=35"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 has XSS via the include\\spacecp\\spacecp_upload.php op parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=35",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=35"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5376",
"datePublished": "2018-01-12T09:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:32:20.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5377 (GCVE-0-2018-5377)
Vulnerability from cvelistv5 – Published: 2018-01-12 09:00 – Updated: 2024-09-16 19:00
VLAI
Summary
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=36 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\\index.php action parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-12T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\\index.php action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=36",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5377",
"datePublished": "2018-01-12T09:00:00.000Z",
"dateReserved": "2018-01-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:00:39.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5331 (GCVE-0-2018-5331)
Vulnerability from cvelistv5 – Published: 2018-01-10 09:00 – Updated: 2024-08-05 05:33
VLAI
Summary
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.whsgwl.net/text.php?textid=32 | x_refsource_MISC |
Date Public
2018-01-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=32"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-10T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=32"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.whsgwl.net/text.php?textid=32",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=32"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5331",
"datePublished": "2018-01-10T09:00:00.000Z",
"dateReserved": "2018-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:44.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5259 (GCVE-0-2018-5259)
Vulnerability from cvelistv5 – Published: 2018-01-08 09:00 – Updated: 2024-08-05 05:33
VLAI
Summary
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA | x_refsource_MISC |
| http://www.whsgwl.net/text.php?textid=3 | x_refsource_MISC |
Date Public
2018-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.whsgwl.net/text.php?textid=3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-08T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.whsgwl.net/text.php?textid=3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA",
"refsource": "MISC",
"url": "https://gitee.com/ComsenzDiscuz/DiscuzX/issues/IH8SA"
},
{
"name": "http://www.whsgwl.net/text.php?textid=3",
"refsource": "MISC",
"url": "http://www.whsgwl.net/text.php?textid=3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5259",
"datePublished": "2018-01-08T09:00:00.000Z",
"dateReserved": "2018-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}