PT-2018-16932 · Comsenz · Discuzx
Published: 2018-01-12 · Updated: 2020-01-29 · CVE-2018-5376
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DiscuzX version X3.4
Description
The issue is a cross-site scripting (XSS) vulnerability. It affects the include\spacecp\spacecp_upload.php file, specifically the op parameter.
Recommendations
For DiscuzX version X3.4, avoid using the op parameter in the include\spacecp\spacecp_upload.php file until a fix is available. As a temporary workaround, consider restricting access to the spacecp_upload.php file to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Discuzx