4 matches found
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...
Discuz! DiscuzX cross-site scripting vulnerability (CNVD-2018-08778)
Discuz! DiscuzX is an online forum system. A cross-site scripting vulnerability exists in Discuz! DiscuzX X3.4 and prior versions, which originates from data/template/1diyportalview.tpl.php failing to restrict user-submitted content. A remote attacker can use forum.php?mod=post&action=newthread t...
Design/Logic Flaw
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/spacepoll.php, as demonstrated by a mod=space do=poll request to home.php...