Lucene search
K

573 matches found

CNVD
CNVD
added 2018/11/28 12:0 a.m.2 views

Command Execution Vulnerability in Discuz!

Discuz! is Comsen Comsenz launched a community-based professional website building platform. A command execution vulnerability exists in Discuz! that can be exploited by an attacker to gain control of the web server...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/11/23 12:0 a.m.3 views

Cross-site Scripting Vulnerability in Discuz!

Discuz! is a very popular Web forum program in the Chinese community. A cross-site scripting vulnerability exists in Discuz! X3.4, which stems from the failure of admincp/admincpsetting.php and template\default\common\footer.htm to properly handle the statcode field, which can be exploited to...

4.8CVSS4.9AI score0.00513EPSS
Exploits0References1
Prion
Prion
added 2018/11/22 9:29 p.m.17 views

Code injection

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

3.5CVSS4.9AI score0.00513EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/11/22 9:29 p.m.5 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

4.8CVSS5.8AI score0.00513EPSS
Exploits0References1
NVD
NVD
added 2018/11/22 9:29 p.m.25 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

4.8CVSS5AI score0.00513EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/11/22 9:0 p.m.29 views

CVE-2018-19464

Discuz! X3.4 allows XSS via admin.php because admincp/admincpsetting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code...

5AI score0.00513EPSS
Exploits0References1
CVE
CVE
added 2018/11/22 9:0 p.m.39 views

CVE-2018-19464

The vulnerability concerns Discuz! X3.4 where an XSS flaw can be triggered via admin.php due to improper handling of the statcode field in admincp/admincp_setting.php and template\default\common\footer.htm. The root cause is mishandling of third-party stats code, enabling injection of arbitrary w...

4.8CVSS4.9AI score0.00513EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/08/30 12:0 a.m.2 views

Code Execution Vulnerability in Discuz! 1.5-2.5 Versions

Discuz! is a community-based professional website building platform launched by Comsenz Comsenz. A code execution vulnerability exists in Discuz! version 1.5-2.5. The vulnerability is due to improper handling of the parameters of the background database backup function, and an attacker can exploi...

7.7AI score
Exploits0
CNVD
CNVD
added 2018/08/30 12:0 a.m.4 views

Backend Command Execution Vulnerability

Crossday Discuz! Board abbreviated as Discuz! is a generalized community forum software system launched by Beijing Kangsheng Xinchuang Technology Limited Liability Company. A command execution vulnerability exists in the backend database backup function of Discuz!1.5-2.5 versions. An attacker can...

9CVSS7.7AI score0.10615EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/24 12:0 a.m.6 views

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08778)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and prior versions, which originates from data/template/1diyportalview.tpl.php failing to restrict user-submitted content. A remote attacker can use forum.php?mod=post&action=newthread t...

5.4CVSS6.2AI score0.00531EPSS
Exploits1References1
CNVD
CNVD
added 2018/04/24 12:0 a.m.3 views

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08776)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and previous versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of forum.php?mod=post&action=newthread...

5.4CVSS6AI score0.00531EPSS
Exploits1References1
OSV
OSV
added 2018/04/22 3:29 p.m.4 views

CVE-2018-10297

Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images...

5.4CVSS5.8AI score0.00531EPSS
Exploits1References1
CVE
CVE
added 2018/04/22 3:0 p.m.50 views

CVE-2018-10298

CVE-2018-10298 concerns Discuz! DiscuzX up to X3.4, where a reflected XSS is possible via forum.php?mod=post&action=newthread. The root cause is that data/template/1_diy_portal_view.tpl.php does not restrict user-submitted content, enabling injected scripts. This is documented across multiple fee...

5.4CVSS5.2AI score0.00531EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/01/17 12:0 a.m.5 views

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02843)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'op' parameter to the include\spacecp\spacecpupload.php file to inject arbitrary web script or HTML...

6.1CVSS6.2AI score0.00831EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/17 12:0 a.m.4 views

Discuz! DiscuzX Security Bypass Vulnerability (CNVD-2018-02844)

Discuz! DiscuzX is an online forum system. A security bypass vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'action' parameter to the archiver\index.php file to bypass access restrictions...

9.8CVSS7AI score0.02093EPSS
Exploits0References1
CNVD
CNVD
added 2018/01/17 12:0 a.m.5 views

Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-02842)

Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4. A remote attacker can exploit this vulnerability by sending the 'appid' parameter to the include\spacecp\spacecpspace.php file to inject arbitrary Web script or HTML...

6.1CVSS6.4AI score0.00829EPSS
Exploits1References1
OSV
OSV
added 2018/01/12 9:29 a.m.5 views

CVE-2018-5377

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...

9.8CVSS5.8AI score0.02093EPSS
Exploits0References1
OSV
OSV
added 2018/01/12 9:29 a.m.5 views

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpupload.php op parameter...

6.1CVSS5.8AI score0.00831EPSS
Exploits1References1
OSV
OSV
added 2018/01/12 9:29 a.m.1 views

CVE-2018-5375

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecpspace.php appid parameter in a delete action...

6.1CVSS5.8AI score0.00829EPSS
Exploits1References1
Prion
Prion
added 2018/01/12 9:29 a.m.22 views

Design/Logic Flaw

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...

7.5CVSS9.4AI score0.02093EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder