CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cansheng Xintron Technology Discuz! is a community forum system based on PHP and MySQL by China's Cansheng Xintron Technology Company. A security vulnerability exists in Discuz! X3.4 version 20220811, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows...

7.1CVSS6.4AI score0.00435EPSS

Exploits1References2

CNVD•added 2020/08/03 12:0 a.m.•1 views

Arbitrary file deletion vulnerability in the background of Beijing Kangsheng Xinchuang Technology Co.

Discuz! is a general community forum software system launched by Beijing Kangsheng Xinchuang Technology Co. Discuz! x3.4 backend has an arbitrary file deletion vulnerability that can be exploited by an attacker to construct a packet to delete arbitrary files, possibly enabling reinstallation...

7.1AI score

Exploits0

CNVD•added 2018/11/23 12:0 a.m.•1 views

Cross-site Scripting Vulnerability in Discuz!

Discuz! is a very popular Web forum program in the Chinese community. A cross-site scripting vulnerability exists in Discuz! X3.4, which stems from the failure of admincp/admincpsetting.php and template\default\common\footer.htm to properly handle the statcode field, which can be exploited to...

4.8CVSS4.9AI score0.00235EPSS

Exploits0References1

Prion•added 2018/11/22 9:29 p.m.•13 views

Code injection

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

3.5CVSS4.9AI score0.00235EPSS

Exploits0References1Affected Software1

NVD•added 2018/11/22 9:29 p.m.•7 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

4.8CVSS5AI score0.00235EPSS

Exploits0References1

OSV•added 2018/11/22 9:29 p.m.•1 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

4.8CVSS5.8AI score0.00235EPSS

Exploits0References1

CVE•added 2018/11/22 9:0 p.m.•36 views

CVE-2018-19464

The vulnerability concerns Discuz! X3.4 where an XSS flaw can be triggered via admin.php due to improper handling of the statcode field in admincp/admincp_setting.php and template\default\common\footer.htm. The root cause is mishandling of third-party stats code, enabling injection of arbitrary w...

4.8CVSS4.9AI score0.00235EPSS

Exploits0References1Affected Software1

Cvelist•added 2018/11/22 9:0 p.m.•12 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

5AI score0.00235EPSS

Exploits0References1

OSV•added 2018/04/22 3:29 p.m.•2 views

CVE-2018-10297

Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images...

5.4CVSS5.8AI score0.00206EPSS

Exploits1References1

OSV•added 2018/01/12 9:29 a.m.•1 views

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...

6.1CVSS5.8AI score0.0024EPSS

Exploits1References1

OSV•added 2018/01/08 9:29 a.m.•0 views

CVE-2018-5259

Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter...

8.8CVSS5.8AI score

Exploits0References2