Aggregates CVE and security vulnerability intelligence across all discuz-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk cross-site scripting and vendor risk sql injection, with potential vendor impact session compromise and vendor impact data exposure across vendor surface production workloads use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-30884 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. | [email protected] | 7.1 | 0.37% | 2024-04-11 | 2025-06-17 |
| CVE-2022-45543 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | [email protected] | 6.1 | 0.30% | 2023-02-15 | 2025-03-19 |
| CVE-2018-10298 | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | [email protected] | 5.4 | 0.21% | 2018-04-22 | 2024-11-21 |
| CVE-2018-10297 | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | [email protected] | 5.4 | 0.21% | 2018-04-22 | 2024-11-21 |
| CVE-2018-5377 | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | [email protected] | 9.8 | 0.44% | 2018-01-12 | 2024-11-21 |
| CVE-2018-5376 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | [email protected] | 6.1 | 0.24% | 2018-01-12 | 2024-11-21 |
| CVE-2018-5375 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | [email protected] | 6.1 | 0.24% | 2018-01-12 | 2024-11-21 |
| CVE-2018-5331 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | [email protected] | 5.4 | 0.19% | 2018-01-10 | 2024-11-21 |
| CVE-2018-5259 | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | [email protected] | 8.8 | 0.41% | 2018-01-08 | 2024-11-21 |
| CVE-2010-4912 | SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. | [email protected] | 7.5 | 0.45% | 2011-10-08 | 2026-04-29 |
| CVE-2008-6957 | member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | [email protected] | 7.5 | 6.68% | 2009-08-12 | 2026-04-23 |
| CVE-2006-5561 | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. | [email protected] | 7.5 | 1.96% | 2006-10-27 | 2026-04-23 |