Vulnerabilities > Discuz > Discuzx > x3.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-12 | CVE-2018-5377 | Missing Authorization vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | 9.8 |
| 2018-01-12 | CVE-2018-5375 | Cross-site Scripting vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | 6.1 |
| 2018-01-10 | CVE-2018-5331 | Cross-site Scripting vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | 5.4 |
| 2018-01-08 | CVE-2018-5259 | Unspecified vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | 8.8 |