Known Vulnerabilities for products from Discuz
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Discuz".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-45543 json | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, ... | 6.1 - MEDIUM | 2023-02-15 | 2023-11-07 |
| CVE-2018-10298 json | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_vie... | 5.4 - MEDIUM | 2018-04-22 | 2018-05-18 |
| CVE-2018-10297 json | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG ele... | 5.4 - MEDIUM | 2018-04-22 | 2018-05-18 |
| CVE-2018-5377 json | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action paramet... | 9.8 - CRITICAL | 2018-01-12 | 2019-10-03 |
| CVE-2018-5376 json | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | 6.1 - MEDIUM | 2018-01-12 | 2020-01-29 |
| CVE-2018-5375 json | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | 6.1 - MEDIUM | 2018-01-12 | 2018-01-24 |
| CVE-2018-5331 json | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll r... | 5.4 - MEDIUM | 2018-01-10 | 2018-01-29 |
| CVE-2018-5259 json | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid... | 8.8 - HIGH | 2018-01-08 | 2019-10-03 |
| CVE-2010-4912 json | SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the... | 7.5 - HIGH | 2011-10-08 | 2017-08-29 |
| CVE-2009-4621 json | SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrar... | Not Provided | 2010-01-18 | 2026-04-23 |
| CVE-2008-6957 json | member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd... | Not Provided | 2009-08-12 | 2026-04-23 |
| CVE-2006-5561 json | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via... | Not Provided | 2006-10-27 | 2026-04-23 |
Known software with vulnerabilities from Discuz
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Discuz | Discuzx | 3.4 |