CVE-2020-36828
CVSS V2 None
CVSS V3 None
Description
A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612.
Overview
- CVE ID
- CVE-2020-36828
- Assigner
- VulDB
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-03-31T09:00:04.241Z
- Last Modified Date
- 2024-03-31T09:00:04.241Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://vuldb.com/?id.258612 | vdb-entry technical-description |
https://vuldb.com/?ctiid.258612 | signature permissions-required |
https://github.com/codersclub/DiscuzX/commit/4a9673624f46f7609486778ded9653733020c567 | patch |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2020-36828 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36828 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-24 14:56:01 | Added to TrackCVE |