4 matches found
CVE-2019-18873
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
CVE-2019-18873
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
CVE-2019-18873
FUDForum 3.0.9 is affected by CVE-2019-18873 (and related CVE in sources) via Stored XSS in the User-Agent header, enabling remote code execution. The issue arises in admsession.php and admuser.php, and requires an authenticated user to trigger the attack; when an admin visits the affected area u...