PT-2018-16931 · Comsenz · Discuzx
Published: 2018-01-12 · Updated: 2018-01-24 · CVE-2018-5375
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DiscuzX version X3.4
Description
The issue is related to an XSS problem. It occurs via the appid parameter in a delete action in the includespacecpspacecp space.php file.
Recommendations
For DiscuzX version X3.4, avoid using the appid parameter in the delete action of the includespacecpspacecp space.php file until a fix is available. As a temporary workaround, consider restricting access to the delete action in the includespacecpspacecp space.php file to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Discuzx