PT-2024-23656 · Discuzx · Discuzx

Hebing123 · Published 2024-04-11 · Updated 2024-08-01 · CVE-2024-30884

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Discuz! version X3.4 20220811

Description

The issue is a Reflected Cross-Site Scripting (XSS) vulnerability, which allows remote attackers to execute arbitrary code and obtain sensitive information. This is achieved via a crafted payload to the primarybegin parameter in the "misc.php" component.

Recommendations

For Discuz! version X3.4 20220811, consider disabling access to the misc.php component or restricting the primarybegin parameter to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-30884

Affected Products

Discuzx