Vulnerabilities > Discuz > Discuzx > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-15 | CVE-2022-45543 | Cross-site Scripting vulnerability in Discuz Discuzx 3.4 Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | 6.1 |
| 2018-04-22 | CVE-2018-10298 | Cross-site Scripting vulnerability in Discuz Discuzx 3.4 Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | 5.4 |
| 2018-04-22 | CVE-2018-10297 | Cross-site Scripting vulnerability in Discuz Discuzx 3.4 Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | 5.4 |
| 2018-01-12 | CVE-2018-5376 | Cross-site Scripting vulnerability in Discuz Discuzx 3.4 Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | 6.1 |
| 2018-01-12 | CVE-2018-5375 | Cross-site Scripting vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | 6.1 |
| 2018-01-10 | CVE-2018-5331 | Cross-site Scripting vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | 5.4 |