PT-2018-9807 · Comsenz · Discuzx
Published
2018-04-22
·
Updated
2018-05-18
·
CVE-2018-10297
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Discuz! versions prior to X3.4
Description:
The issue is related to stored XSS via the "portal.php?mod=portalcp&ac=article" API endpoint, specifically due to mishandling of
IMG elements associated with remote images.Recommendations:
For versions prior to X3.4, as a temporary workaround, consider restricting access to the "portal.php?mod=portalcp&ac=article" endpoint until a patch is available. Avoid using remote images in the
IMG elements within this endpoint to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Discuzx