discuz 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting and vendor risk sql injection があり、vendor surface production workloads and vendor surface software deployment の利用場面で vendor impact session compromise and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-30884 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | [email protected] | 7.1 | 0.53% | 2024-04-11 | 2026-06-17 |
| CVE-2022-45543 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | [email protected] | 6.1 | 0.53% | 2023-02-15 | 2026-06-17 |
| CVE-2018-10298 | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | [email protected] | 5.4 | 0.53% | 2018-04-22 | 2026-06-16 |
| CVE-2018-10297 | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | [email protected] | 5.4 | 0.53% | 2018-04-22 | 2026-06-16 |
| CVE-2018-5377 | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | [email protected] | 9.8 | 2.13% | 2018-01-12 | 2026-06-16 |
| CVE-2018-5376 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | [email protected] | 6.1 | 0.84% | 2018-01-12 | 2026-06-16 |
| CVE-2018-5375 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | [email protected] | 6.1 | 0.84% | 2018-01-12 | 2026-06-16 |
| CVE-2018-5331 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | [email protected] | 5.4 | 0.64% | 2018-01-10 | 2026-06-16 |
| CVE-2018-5259 | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | [email protected] | 8.8 | 2.00% | 2018-01-08 | 2026-06-16 |
| CVE-2010-4912 | SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. | [email protected] | 7.5 | 1.01% | 2011-10-08 | 2026-06-16 |
| CVE-2008-6957 | member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | [email protected] | 7.5 | 2.84% | 2009-08-12 | 2026-06-16 |
| CVE-2006-5561 | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. | [email protected] | 7.5 | 1.05% | 2006-10-27 | 2026-06-16 |