vendor:
Discuz!
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Discuz!
Affected Version From: Discuz! 6.0.0
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Not specified
CPE: a:discuz_project:discuz
Platforms Tested: Unknown
Unknown
Cross-Site Scripting Vulnerability in Discuz!
The Discuz! application fails to properly sanitize user-supplied input, leading to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting user, potentially stealing authentication credentials and launching further attacks.
Mitigation:
Apply appropriate input validation and encoding techniques to prevent script injection attacks. Regularly update to the latest version of Discuz! to ensure security patches are applied.