Cross-Site Scripting Vulnerability in Discuz! DiscuzX X3.4

CVE-2018-5331

What is CVE-2018-5331?

A Cross-Site Scripting vulnerability exists in Discuz! DiscuzX X3.4 through the 'view' parameter in the include/space/space_poll.php file. This flaw can be exploited via a mod=space do=poll request to home.php, allowing attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access and data exposure.

References