THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2020-36828

DiscuzX install_function.php show_next_step cross site scripting

AssignerVulDB
Reserved2024-03-29
Published2024-03-31
Updated2024-07-08

Description

EN DE

A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612.

Es wurde eine problematische Schwachstelle in DiscuzX bis 3.4-20200818 ausgemacht. Es geht dabei um die Funktion show_next_step der Datei upload/install/include/install_function.php. Mit der Manipulation des Arguments uchidden mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Ein Aktualisieren auf die Version 3.4-20210119 vermag dieses Problem zu lösen. Der Patch wird als 4a9673624f46f7609486778ded9653733020c567 bezeichnet. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen.



LOW: 3.5CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
LOW: 3.5CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.0CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

Problem types

CWE-79 Cross Site Scripting

Timeline

2020-01-09:Advisory disclosed
2020-01-09:Countermeasure disclosed
2024-03-29:VulDB entry created
2024-03-29:VulDB entry last update

Credits

VulDB GitHub Commit Analyzer tool

References

https://vuldb.com/?id.258612 (VDB-258612 | DiscuzX install_function.php show_next_step cross site scripting) vdb-entry technical-description

https://vuldb.com/?ctiid.258612 (VDB-258612 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

https://github.com/codersclub/DiscuzX/commit/4a9673624f46f7609486778ded9653733020c567 patch

cve.org CVE-2020-36828

nvd.nist.gov CVE-2020-36828

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2020-36828
© Copyright 2024 THREATINT. Made in Cyprus with +