Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-48409

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00535EPSS
Exploits0References3
CVE
CVE
added 2024/03/31 9:0 a.m.60 views

CVE-2020-36828

CVE-2020-36828 (DiscuzX) affects DiscuzX up to version 3.4-20200818. The vulnerability is in the function show_next_step of the file upload/install/include/install_function.php, where manipulation of the uchidden argument enables cross-site scripting. The issue can be exploited remotely. A fixed ...

4CVSS3.8AI score0.00484EPSS
Exploits0References3
Prion
Prion
added 2023/02/15 9:15 p.m.17 views

Cross site scripting

Cross site scripting XSS vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search...

5.8CVSS6.3AI score0.00535EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/02/15 12:0 a.m.51 views

CVE-2022-45543

The provided connected documents confirm CVE-2022-45543 is an XSS vulnerability in DiscuzX 3.4 that lets an attacker execute arbitrary code via the audit search parameters datetline, title, tpp, or username. The entry indicates a potential arbitrary code execution impact, with no published exploi...

6.1CVSS6.2AI score0.00535EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2018/12/26 12:0 a.m.5 views

Discuz! DiscuzX file deletion vulnerability

Discuz! DiscuzX is an online forum system. A file deletion vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to delete the commonmemberwechatmp data structure by sending an ac=unbindmp request to the plugin.php page when wechat login is enabled...

5.9CVSS7AI score0.00903EPSS
Exploits1References1
OSV
OSV
added 2018/12/24 4:29 a.m.4 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

8.1CVSS5.8AI score0.01291EPSS
Exploits1References1
Prion
Prion
added 2018/12/24 4:29 a.m.15 views

Design/Logic Flaw

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

6.8CVSS8AI score0.0118EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/12/24 4:29 a.m.5 views

CVE-2018-20423

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...

8.1CVSS5.8AI score0.0118EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/12/24 4:0 a.m.22 views

CVE-2018-20422

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...

8.4AI score0.01291EPSS
Exploits1References1
Rows per page
Query Builder