PT-2018-16900 · Comsenz · Discuzx
Published
2018-01-10
·
Updated
2018-01-29
·
CVE-2018-5331
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DiscuzX version X3.4
Description
The issue concerns a cross-site scripting (XSS) problem. It can be triggered via the
view parameter in the include/space/space poll.php file. An example of exploitation is a request to home.php with mod=space and do=poll.Recommendations
For DiscuzX version X3.4, as a temporary workaround, consider restricting access to the
space poll.php file until a patch is available. Avoid using the view parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discuzx