CVE-2018-10298

Name of the Vulnerable Software and Affected Versions: Discuz! versions through X3.4

Description: The issue is related to reflected XSS. It can be exploited via the "forum.php?mod=post&action=newthread" endpoint because the data/template/1 diy portal view.tpl.php file does not restrict the content, allowing for malicious input.

Recommendations: For versions through X3.4, restrict access to the vulnerable endpoint "forum.php?mod=post&action=newthread" until a fix is available, and ensure that the data/template/1 diy portal view.tpl.php file properly sanitizes user input to prevent XSS attacks.