573 matches found
Command Execution Vulnerability in Discuz!
Discuz! is Comsen Comsenz launched a community-based professional website building platform. A command execution vulnerability exists in Discuz! that can be exploited by an attacker to gain control of the web server...
Cross-site Scripting Vulnerability in Discuz!
Discuz! is a very popular Web forum program in the Chinese community. A cross-site scripting vulnerability exists in Discuz! X3.4, which stems from the failure of admincp/admincpsetting.php and template\default\common\footer.htm to properly handle the statcode field, which can be exploited to...
Code injection
Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...
CVE-2018-19464
Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...
CVE-2018-19464
Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...
CVE-2018-19464
Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...
CVE-2018-19464
The vulnerability concerns Discuz! X3.4 where an XSS flaw can be triggered via admin.php due to improper handling of the statcode field in admincp/admincp_setting.php and template\default\common\footer.htm. The root cause is mishandling of third-party stats code, enabling injection of arbitrary w...
Code Execution Vulnerability in Discuz! 1.5-2.5 Versions
Discuz! is a community-based professional website building platform launched by Comsenz Comsenz. A code execution vulnerability exists in Discuz! version 1.5-2.5. The vulnerability is due to improper handling of the parameters of the background database backup function, and an attacker can exploi...
Backend Command Execution Vulnerability
Crossday Discuz! Board abbreviated as Discuz! is a generalized community forum software system launched by Beijing Kangsheng Xinchuang Technology Limited Liability Company. A command execution vulnerability exists in the backend database backup function of Discuz!1.5-2.5 versions. An attacker can...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08778)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and prior versions, which originates from data/template/1diyportalview.tpl.php failing to restrict user-submitted content. A remote attacker can use forum.php?mod=post&action=newthread t...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08776)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and previous versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of forum.php?mod=post&action=newthread...
CVE-2018-10297
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images...
CVE-2018-10298
CVE-2018-10298 concerns Discuz! DiscuzX up to X3.4, where a reflected XSS is possible via forum.php?mod=post&action=newthread. The root cause is that data/template/1_diy_portal_view.tpl.php does not restrict user-submitted content, enabling injected scripts. This is documented across multiple fee...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02843)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'op' parameter to the include\spacecp\spacecpupload.php file to inject arbitrary web script or HTML...
Discuz! DiscuzX Security Bypass Vulnerability (CNVD-2018-02844)
Discuz! DiscuzX is an online forum system. A security bypass vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'action' parameter to the archiver\index.php file to bypass access restrictions...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02842)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'appid' parameter to the include\spacecp\spacecpspace.php file to inject arbitrary Web script or HTML...
CVE-2018-5377
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...
CVE-2018-5375
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpspace.php appid parameter in a delete action...
Design/Logic Flaw
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...