Discuz! versions 7.2 and below suffer from a cross site scripting vulnerability.
There is a persistent (stored) cross-site scripting vulnerability in the personal signature in all versions of Discuz!. It can be used to write a worm!
Discuz! does not filter malicious code when users enter their personal signature. An attacker can enter XSS code, and Discuz! will save and run it! This may lead to the propagation of a worm!
For example, we can register a user and enter the XSS code in our personal signature, like:
</textarea><script>alert(/Liscker/);</script><textarea>
Vulnerable: Discuz! <=7.2, all versions!
Liscker
2010.03.24
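
The mitigation for the signature field described above, as an added example that is not Discuz! source code and not part of the original advisory: it contrasts writing the stored signature into the edit form verbatim with encoding it on output. The function names and the form markup are hypothetical; the only value taken from the advisory is the sample signature.

```php
<?php
// Added illustration. Function names and markup are hypothetical, not Discuz! code.

// Vulnerable pattern: the stored signature is written into the edit form verbatim.
// A value containing "</textarea>" ends the field early, and whatever follows
// is parsed by the browser as page markup.
function render_signature_form_unsafe(string $signature): string
{
    return '<textarea name="signature">' . $signature . '</textarea>';
}

// Hardened pattern: encode on output. <, >, &, " and ' become entities, so the
// browser shows the signature as text inside the field and never as markup.
function render_signature_form_safe(string $signature): string
{
    $encoded = htmlspecialchars($signature, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="signature">' . $encoded . '</textarea>';
}

// Number of script start tags a browser would find in the rendered HTML.
function script_elements(string $html): int
{
    return (int) preg_match_all('/<script\b/i', $html);
}

// Text the user gets back inside the field once the browser decodes the entities.
function field_text(string $html): string
{
    $inner = substr($html, strlen('<textarea name="signature">'), -strlen('</textarea>'));
    return html_entity_decode($inner, ENT_QUOTES, 'UTF-8');
}

// Signature value from the advisory.
$stored = '</textarea><script>alert(/Liscker/);</script><textarea>';

$unsafe = render_signature_form_unsafe($stored);
$safe   = render_signature_form_safe($stored);

printf("unsafe rendering: %d script element(s)\n", script_elements($unsafe));
printf("safe rendering:   %d script element(s)\n", script_elements($safe));
printf("signature preserved for the user: %s\n",
    field_text($safe) === $stored ? 'yes' : 'no');
```

The same encoding has to be applied wherever the signature is displayed, such as under forum posts, because the stored value itself is left unchanged.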