Vulnerabilities related to fudforum - fudforum
Vulnerability from fkie_nvd
Published
2020-01-27 22:15
Modified
2024-11-21 01:51
Severity ?
Summary
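PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system. Note: the CVSS vectors in this record (Au:S in v2, PR:H in v3.1) score the issue as requiring an authenticated, high-privilege account, so it is reachable over the network but not by an anonymous attacker.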
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/58845 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/83229 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/58845 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83229 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "21311578-9C04-4A3A-8DD0-B371663BFB72", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." }, { "lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n de c\u00f3digo PHP en FUDforum Bulletin Board Software versi\u00f3n 3.0.4, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario sobre el sistema." } ], "id": "CVE-2013-2267", "lastModified": "2024-11-21T01:51:22.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-27T22:15:10.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58845" 
}, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-19 19:15
Modified
2024-11-21 05:58
Severity ?
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F38C9CCE-ABB8-4093-9EED-D11EF11F8B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter." }, { "lang": "es", "value": "Un problema de tipo cross-site scripting (XSS) en FUDForum versi\u00f3n 3.1.0, permite a atacantes remotos inyectar JavaScript por medio del archivo index.php en el par\u00e1metro \"srch\"" } ], "id": "CVE-2021-27519", "lastModified": "2024-11-21T05:58:08.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-19T19:15:13.913", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-06 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "18AA8770-4EEC-4E5B-963F-348FC17C5913", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature." }, { "lang": "es", "value": "FUDforum versi\u00f3n 3.1.2, es vulnerable a un ataque de tipo XSS almacenado por medio del campo Forum Name en la funcionalidad Forum Manager" } ], "id": "CVE-2022-30861", "lastModified": "2024-11-21T07:03:30.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-06T14:15:08.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/fudforum/FUDforum/issues/24" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-06 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "18AA8770-4EEC-4E5B-963F-348FC17C5913", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel." }, { "lang": "es", "value": "FUDForum versi\u00f3n 3.1.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del par\u00e1metro page_title en el Administrador de P\u00e1ginas del Panel de Control de Administraci\u00f3n" } ], "id": "CVE-2022-30863", "lastModified": "2024-11-21T07:03:30.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-06T14:15:08.397", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/24" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-06 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
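FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Note: the CPE match data in this record uses "versionEndExcluding": "3.1.2", which covers releases before 3.1.2 and excludes the 3.1.2 release named in this description; confirm the affected range against the referenced issue before relying on CPE-based version matching.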
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/23 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/23 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*", "matchCriteriaId": "82EDE851-3D93-4B5D-86FC-4F68A58D2F14", "versionEndExcluding": "3.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel." }, { "lang": "es", "value": "FUDforum versi\u00f3n 3.1.2, es vulnerable a una Ejecuci\u00f3n Remota de C\u00f3digo mediante una caracter\u00edstica Upload File del Sistema de Administraci\u00f3n de Archivos en el Panel de Control de Administraci\u00f3n" } ], "id": "CVE-2022-30860", "lastModified": "2024-11-21T07:03:30.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-06T14:15:08.257", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/fudforum/FUDforum/issues/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-06 17:15
Modified
2024-11-21 06:57
Severity ?
Summary
FUDforum 3.1.1 is vulnerable to Stored XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FB5EB78-E470-455D-933E-118BB6986F9D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.1 is vulnerable to Stored XSS." }, { "lang": "es", "value": "FUDforum versi\u00f3n 3.1.1, es vulnerable a un ataque de tipo XSS Almacenado" } ], "id": "CVE-2022-28545", "lastModified": "2024-11-21T06:57:30.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-06T17:15:09.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA807086-1C52-4E6E-864F-BCF54CB70A98", "versionEndIncluding": "3.0.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE4BE982-3DC7-4C12-9819-4BA350B6C643", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "904FA9DD-9285-48ED-A61E-041565988423", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9607FD0-EF6C-4649-9404-ED934089FE49", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A550500-C6B3-407F-B072-C4C4F6F2FC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B0CFA30F-D841-4211-833B-E1B9636A2EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "E6EAC485-AD70-4615-864D-273A5BEA99C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD3E131E-43D2-4721-95DC-2A18EAB6F30D", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A42EF2B-288F-4333-8AE2-899913A0E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E62B292F-15F3-453E-A274-84B60835C11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5367204C-615C-4C1B-8F8C-BF3D0DDC58F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "291A28FC-DDD8-444B-927C-01F6688E4877", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "28411B91-90E8-421D-AC18-39EB4A3CB042", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:fudforum:fudforum:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "21311578-9C04-4A3A-8DD0-B371663BFB72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "0B682FAA-1B15-4552-B3F0-5C10D91D3446", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "FFCF6FA4-EF68-42DF-937B-9D0073D55D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "142EC0E1-3286-4FC1-90CB-8D36FD97E59C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66CD67-55D1-48A0-9A19-D3153B7DC787", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21D4EA6-C739-4BA0-ABBD-1E95CDD5E808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F68DB291-A958-4296-855A-B3CF19704E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8A9D296-6C54-4436-AE77-0D5291415DBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "81684C0A-B31D-46F5-998F-21F1FDDFBBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A41890E-4C88-4161-9DE3-C273272176E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDB8AF21-93A9-4756-B2E8-313FA6638158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B14E676F-8A71-4607-80DC-F538F697E674", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C42CAF4-3936-455F-AE02-312278C84FD9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "00EB1238-BD1C-4A5E-9491-8AC343868FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C07DA566-0075-4297-8531-A5E7C03877FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5428C3B-997C-417E-932D-CD2E9139891D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B49C1DE2-FE7A-4AE0-AFB4-15C323C47817", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "63E5AFE9-C5FC-448D-B3FB-411C0CAB2174", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "CFA28579-5406-471B-A015-00DE3283B8C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1CC947E3-E98A-4673-B6A4-22C63BDAADBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BF1BF48-11AE-4737-9F65-E01A3F8D5EA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "4D94B04F-E6E4-452E-883A-B88DDDDF6AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "C253560E-D233-43B0-86E6-F41690BEEDCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB63A18-0C81-4C18-91CE-E9FC1497CB82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0A0F3EF-9345-407B-8110-C6F8E44861CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8F6480F8-D5AF-418F-BBB7-E09941EAA56E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E20EC310-AF18-4001-913C-849D60C86047", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C5A8FE4-FD41-4FB5-B0FA-C3C4669E42C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "699C28AF-95BD-44EA-BD50-F9616B53FBF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A60D274-69FA-4C37-A472-FEB1D18DA6C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C4219A0-F0EA-4303-B46F-D170EB6B05B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9837B11A-A3AA-4CE7-A0BE-E9709D42ECD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "0590709E-FD1E-4BF4-8158-09B243B87648", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA4DAE8A-8F53-4A66-9A42-BC468569D31B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C4331016-C28D-4C17-B6A2-11A7E45873E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFADD332-B80D-4D04-AA20-147F00F3CB0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8A60EFEB-036F-4828-8D17-069C0CF448D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "51906E70-8317-4B8A-A384-13F62B0D24B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "50A53ED7-CB9B-4D83-8C67-BF14DDD5A081", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "3E2D688C-2A06-4381-A2FF-27CA81606A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F035957A-5FF8-43AA-8DF9-C132051FF1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "A90D1C9D-E8C2-43D1-A87E-89DA4CBDE4BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A616B2B6-49D7-42D2-8FFE-7D9B3B7FE13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECCD51B8-AFBA-4D41-84ED-A5D41E4FAFC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en install/forum_data/src/custom_fields.inc.t en FUDforum v3.0.4.1 y anteriores, cuando se registra un nuevo usuario, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de perfil personalizado a index.php. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2013-5309", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-08-16T17:55:09.740", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54293" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-17 19:15
Modified
2025-06-10 15:35
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "442E1EDD-6C83-4806-9ABD-4A41A3486900", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php." }, { "lang": "es", "value": "Una vulnerabilidad de cross site scripting (XSS) almacenadas en FUDforum v3.1.3 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo de declaraciones SQL en /adm/admsql.php." } ], "id": "CVE-2024-30950", "lastModified": "2025-06-10T15:35:56.830", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-04-17T19:15:07.420", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/stored_xss_in_admsql.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/stored_xss_in_admsql.md" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-13 15:15
Modified
2024-11-21 04:33
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
cve@mitre.org | https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B4C965BD-222A-44FF-872D-21F18C80CECC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server." }, { "lang": "es", "value": "FUDForum versi\u00f3n 3.0.9, es vulnerable a un ataque de tipo XSS almacenado por medio del par\u00e1metro nlogin. Esto puede resultar en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede utilizar una cuenta de usuario para comprometer completamente el sistema mediante una petici\u00f3n POST. Cuando el administrador visita la informaci\u00f3n del usuario, la carga \u00fatil ser\u00e1 ejecutada . Esto permitir\u00e1 que los archivos PHP se escriban en la root web y que el c\u00f3digo se ejecute en el servidor remoto." 
} ], "id": "CVE-2019-18839", "lastModified": "2024-11-21T04:33:41.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-13T15:15:10.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-78" }, { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-12 02:15
Modified
2024-11-21 04:33
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/fudforum/code/6321/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/fudforum/code/6321/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B4C965BD-222A-44FF-872D-21F18C80CECC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under \"User Manager\" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php." }, { "lang": "es", "value": "FUDForum versi\u00f3n 3.0.9, es vulnerable a un problema de tipo XSS Almacenado por medio del encabezado HTTP User-Agent. Esto puede resultar en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede usar una cuenta de usuario para comprometer completamente el sistema por medio de una petici\u00f3n GET. Cuando el administrador visita la informaci\u00f3n del usuario bajo \"User Manager\" en el panel de control, la carga \u00fatil se ejecutar\u00e1. Esto permitir\u00e1 que los archivos PHP sean escritos en la root web y que el c\u00f3digo se ejecute en el servidor remoto. El problema est\u00e1 en los archivos admsession.php y admuser.php." 
} ], "id": "CVE-2019-18873", "lastModified": "2024-11-21T04:33:45.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-12T02:15:10.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" }, { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-19 19:15
Modified
2024-11-21 05:58
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F38C9CCE-ABB8-4093-9EED-D11EF11F8B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter." }, { "lang": "es", "value": "Un problema de tipo cross-site scripting (XSS) en FUDForum versi\u00f3n 3.1.0, permite a atacantes remotos inyectar JavaScript por medio del archivo index.php en el par\u00e1metro \"author\"" } ], "id": "CVE-2021-27520", "lastModified": "2024-11-21T05:58:08.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-19T19:15:13.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-04-17 18:15
Modified
2025-06-10 15:37
Summary
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "442E1EDD-6C83-4806-9ABD-4A41A3486900", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php." }, { "lang": "es", "value": "Se descubri\u00f3 que FUDforum v3.1.3 conten\u00eda una vulnerabilidad de cross site scripting (XSS) reflejada a trav\u00e9s del par\u00e1metro chpos en /adm/admsmiley.php." } ], "id": "CVE-2024-30951", "lastModified": "2025-06-10T15:37:30.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-04-17T18:15:15.947", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/Reflected_xss_in_FUDforum.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/Reflected_xss_in_FUDforum.md" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
CVE-2022-30861 (GCVE-0-2022-30861)
Vulnerability from cvelistv5
Published
2022-06-06 13:40
Modified
2024-08-03 07:03
CWE
- n/a
Summary
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.
References
URL | Tags | |
---|---|---|
https://github.com/fudforum/FUDforum/issues/24 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:39.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:40:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/24", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30861", "datePublished": "2022-06-06T13:40:00", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:39.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-27519 (GCVE-0-2021-27519)
Vulnerability from cvelistv5
Published
2021-03-19 18:54
Modified
2024-08-03 21:26
CWE
- n/a
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
References
URL | Tags | |
---|---|---|
https://github.com/fudforum/FUDforum/issues/2 | x_refsource_MISC | |
http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T16:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/2", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "name": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27519", "datePublished": "2021-03-19T18:54:16", "dateReserved": "2021-02-22T00:00:00", "dateUpdated": "2024-08-03T21:26:10.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-5309 (GCVE-0-2013-5309)
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
References
URL | Tags | |
---|---|---|
http://sourceforge.net/p/fudforum/code/5589/ | x_refsource_CONFIRM | |
http://secunia.com/advisories/54293 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/86030 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "name": "54293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54293" }, { "name": "fudforum-index-xss(86030)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "name": "54293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54293" }, { "name": "fudforum-index-xss(86030)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5309", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/p/fudforum/code/5589/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "name": "54293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54293" }, { "name": "fudforum-index-xss(86030)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5309", "datePublished": "2013-08-16T17:00:00", "dateReserved": "2013-08-16T00:00:00", "dateUpdated": "2024-08-06T17:06:52.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-2267 (GCVE-0-2013-2267)
Vulnerability from cvelistv5
Published
2020-01-27 21:39
Modified
2024-08-06 15:27
CWE
- n/a
Summary
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/58845 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/83229 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "58845", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58845" }, { "name": "83229", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-27T21:39:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "58845", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58845" }, { "name": "83229", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "58845", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58845" }, { "name": "83229", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2267", "datePublished": "2020-01-27T21:39:36", "dateReserved": "2013-02-21T00:00:00", "dateUpdated": "2024-08-06T15:27:41.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-30951 (GCVE-0-2024-30951)
Vulnerability from cvelistv5
Published
2024-04-17 00:00
Modified
2024-11-22 15:20
CWE
- n/a
Summary
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fudforum", "vendor": "fudforum", "versions": [ { "status": "affected", "version": "3.1.3" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-30951", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T19:41:17.996081Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-22T15:20:48.602Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:46:03.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/Reflected_xss_in_FUDforum.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-17T18:10:08.770164", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/Reflected_xss_in_FUDforum.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-30951", "datePublished": "2024-04-17T00:00:00", "dateReserved": "2024-03-27T00:00:00", "dateUpdated": "2024-11-22T15:20:48.602Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18839 (GCVE-0-2019-18839)
Vulnerability from cvelistv5
Published
2019-11-13 14:41
Modified
2024-08-05 02:02
CWE
- n/a
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
References
URL | Tags | |
---|---|---|
https://github.com/fuzzlove/FUDforum-XSS-RCE | x_refsource_MISC | |
https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-13T14:41:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzlove/FUDforum-XSS-RCE", "refsource": "MISC", "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "name": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18839", "datePublished": "2019-11-13T14:41:56", "dateReserved": "2019-11-09T00:00:00", "dateUpdated": "2024-08-05T02:02:39.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30860 (GCVE-0-2022-30860)
Vulnerability from cvelistv5
Published
2022-06-06 13:34
Modified
2024-08-03 07:03
CWE
- n/a
Summary
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/23 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:40.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:34:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/23", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30860", "datePublished": "2022-06-06T13:34:41", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:40.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-27520 (GCVE-0-2021-27520)
Vulnerability from cvelistv5
Published
2021-03-19 18:53
Modified
2024-08-03 21:26
CWE
- n/a
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/2 | x_refsource_MISC |
| http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T16:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/2", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "name": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27520", "datePublished": "2021-03-19T18:53:54", "dateReserved": "2021-02-22T00:00:00", "dateUpdated": "2024-08-03T21:26:09.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-30950 (GCVE-0-2024-30950)
Vulnerability from cvelistv5
Published
2024-04-17 00:00
Modified
2024-08-02 01:46
CWE
- n/a
Summary
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "fudforum", "vendor": "fudforum", "versions": [ { "status": "affected", "version": "*3.13" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-30950", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T15:23:52.398105Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:39:39.490Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:46:03.345Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/stored_xss_in_admsql.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-17T18:22:02.276779", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/CrownZTX/vulnerabilities/blob/main/fudforum/stored_xss_in_admsql.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-30950", "datePublished": "2024-04-17T00:00:00", "dateReserved": "2024-03-27T00:00:00", "dateUpdated": "2024-08-02T01:46:03.345Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-18873 (GCVE-0-2019-18873)
Vulnerability from cvelistv5
Published
2019-11-12 01:01
Modified
2024-08-05 02:02
CWE
- n/a
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
References
| URL | Tags |
|---|---|
| https://github.com/fuzzlove/FUDforum-XSS-RCE | x_refsource_MISC |
| https://sourceforge.net/p/fudforum/code/6321/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under \"User Manager\" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-12T01:01:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under \"User Manager\" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzlove/FUDforum-XSS-RCE", "refsource": "MISC", "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "name": "https://sourceforge.net/p/fudforum/code/6321/", "refsource": "MISC", "url": "https://sourceforge.net/p/fudforum/code/6321/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18873", "datePublished": "2019-11-12T01:01:11", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-28545 (GCVE-0-2022-28545)
Vulnerability from cvelistv5
Published
2022-05-06 16:30
Modified
2024-08-03 05:56
CWE
- n/a
Summary
FUDforum 3.1.1 is vulnerable to Stored XSS.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b | x_refsource_MISC |
| https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:15.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.1 is vulnerable to Stored XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-06T16:30:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDforum 3.1.1 is vulnerable to Stored XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "name": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28545", "datePublished": "2022-05-06T16:30:58", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-03T05:56:15.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30863 (GCVE-0-2022-30863)
Vulnerability from cvelistv5
Published
2022-06-06 13:44
Modified
2024-08-03 07:03
CWE
- n/a
Summary
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/24 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:39.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:44:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/24", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30863", "datePublished": "2022-06-06T13:44:00", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:39.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }