Vulnerabilities > Discuz > Discuzx > x3.4

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2018-5377 Missing Authorization vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
network
low complexity
discuz CWE-862
7.5
7.5
2018-01-12 CVE-2018-5375 Cross-site Scripting vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
network
discuz CWE-79
4.3
4.3
2018-01-10 CVE-2018-5331 Cross-site Scripting vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
network
discuz CWE-79
3.5
3.5
2018-01-08 CVE-2018-5259 Unspecified vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
network
low complexity
discuz
6.5
6.5