← voltar
CVE-2025-7803

descreekert wx-discuz wx.php validToken cross site scripting

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79CWE-94
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.1EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
18 jul 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X
Produtos afetados
descreekert · wx-discuz