CVE-2022-45543

Name of the Vulnerable Software and Affected Versions DiscuzX version 3.4

Description A cross site scripting (XSS) issue allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters through the audit search. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized actions.

Recommendations For DiscuzX version 3.4, as a temporary workaround, consider restricting access to the audit search function until a patch is available. Additionally, avoid using the datetline, title, tpp, or username parameters in the audit search until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.