22 matches found
CVE-2021-27520
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter...
CVE-2019-18839
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
EUVD-2019-8540
Malware in sbrugna...
EUVD-2002-1405
Malware in sbrugna...
EUVD-2022-52655
Malicious code in bioql PyPI...
CVE-2022-28545
FUDforum 3.1.1 is vulnerable to Stored XSS...
CVE-2022-30863
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via pagetitle param in Page Manager in the Admin Control Panel...
CVE-2022-30860
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel...
CVE-2022-30861
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature...
CVE-2019-18873
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
CVE-2024-30951
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php...
PT-2024-23688 · Fudforum · Fudforum
Name of the Vulnerable Software and Affected Versions: FUDforum version 3.1.3. Description: A reflected cross-site scripting (XSS) issue was discovered in FUDforum. The vulnerability is exploited via the chpos parameter at the "/adm/admsmiley.php" API endpoint. Recommendations: For FUDforum version...
Cross site scripting
FUDforum 3.1.1 is vulnerable to Stored XSS...
The vulnerability of the FUDforum internet forum, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the FUDforum internet forum is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to inject arbitrary code during the administrator’s email reading process. This code can then...
FUDForum cross-site scripting vulnerability (CNVD-2021-22862)
FUDforum is an open source forum system built on PHP+MySQL/PostgreSQL. A cross-site scripting vulnerability exists in FUDForum 3.1.0. An attacker can exploit this vulnerability to inject JavaScript via the srch parameter in index.php...
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload...
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
CVE-2002-1422
The CVE-2002-1422 issue affects FUDforum prior to 2.2.0. Vulnerable component: admbrowse.php. Root cause: the cur and dest parameters allow URL-encoded pathnames to be used in a way that enables remote attackers to create or delete files. Impact: file creation/deletion via the web interface, with...