RSS   Vulnerabilities for 'Discuz!'   RSS

2018-11-22
 
CVE-2018-19464

CWE-79
 

 
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code.

 
2009-08-12
 
CVE-2008-6957

 

 
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

 

 >>> Vendor: Discuz 4 Products
Discuz gbk
Discuz!
Ucenter home
Discuzx


Copyright 2024, cxsecurity.com

 

Back to Top