Stored XSS Vulnerability in Discuz! DiscuzX X3.4
CVE-2018-10297

5.4 MEDIUM

Key Information:

Vendor: Discuz
Status: Vendor
CVE Published: 22 April 2018

What is CVE-2018-10297?

Discuz! DiscuzX X3.4 is vulnerable to stored Cross-Site Scripting (XSS) through the portal.php?mod=portalcp&ac=article URI. The flaw arises from improper handling of IMG elements that link to remote images. It potentially enables attackers to inject malicious scripts that execute in the context of other users, compromising user data and security.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability Reserved

  • Vulnerability published