descreekert wx-discuz wx.php validToken cross site scripting

July 18, 2025 invoker category_cve

CVE Details

Basic Information

Title descreekert wx-discuz wx.php validToken cross site scripting
Type cve
Published 2025-07-18T19:14:04.761Z
Modified 2025-07-18T19:14:04.761Z

Product Information

Vendor descreekert
Product wx-discuz
Version 12bd4745c63ec203cb32119bf77ead4a923bf277

CVSS Information

Base Score 5.1 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

Affected Products

  • descreekert wx-discuz 12bd4745c63ec203cb32119bf77ead4a923bf277

Additional Information

CWE List CWE-79, CWE-94
Source VulDB

Description

A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.