CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
57.0%
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
Vendor | Product | Version | CPE |
---|---|---|---|
fudforum | fudforum | * | cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:* |
fudforum | fudforum | 2.7.2 | cpe:2.3:a:fudforum:fudforum:2.7.2:*:*:*:*:*:*:* |
fudforum | fudforum | 2.7.3 | cpe:2.3:a:fudforum:fudforum:2.7.3:*:*:*:*:*:*:* |
fudforum | fudforum | 2.7.4 | cpe:2.3:a:fudforum:fudforum:2.7.4:*:*:*:*:*:*:* |
fudforum | fudforum | 2.7.5 | cpe:2.3:a:fudforum:fudforum:2.7.5:*:*:*:*:*:*:* |
fudforum | fudforum | 2.7.6 | cpe:2.3:a:fudforum:fudforum:2.7.6:*:*:*:*:*:*:* |
fudforum | fudforum | 2.7.7 | cpe:2.3:a:fudforum:fudforum:2.7.7:*:*:*:*:*:*:* |
fudforum | fudforum | 2.8.0 | cpe:2.3:a:fudforum:fudforum:2.8.0:*:*:*:*:*:*:* |
fudforum | fudforum | 2.8.1 | cpe:2.3:a:fudforum:fudforum:2.8.1:*:*:*:*:*:*:* |
fudforum | fudforum | 3.0.0 | cpe:2.3:a:fudforum:fudforum:3.0.0:*:*:*:*:*:*:* |