2 matches found
CVE-2018-10298
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post=newthread because data/template/1diyportalview.tpl.php does not restrict the content...
CVE-2018-10298
CVE-2018-10298 concerns Discuz! DiscuzX up to X3.4, where a reflected XSS is possible via forum.php?mod=post&action=newthread. The root cause is that data/template/1_diy_portal_view.tpl.php does not restrict user-submitted content, enabling injected scripts. This is documented across multiple fee...