member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
Discuz
CVE-2018-5375
Discuz! DiscuzX X3.4 has XSS via the includespacecpspacecp_space.php appid parameter in a delete action.
CVE-2018-5376
Discuz! DiscuzX X3.4 has XSS via the includespacecpspacecp_upload.php op parameter.
CVE-2018-5377
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiverindex.php action parameter.
CVE-2018-5331
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
CVE-2018-5259
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.