Skip to main content

Fudforum

11 CVEs product

Monthly

CVE-2024-30950 LOW POC Monitor

A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2024-30951 MEDIUM POC This Month

FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-30863 MEDIUM POC This Month

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30861 MEDIUM POC This Month

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-30860 HIGH POC THREAT This Week

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fudforum
NVD GitHub
CVSS 3.1
7.2
EPSS
23.0%
CVE-2022-28545 MEDIUM PATCH This Month

FUDforum 3.1.1 is vulnerable to Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fudforum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-27520 MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.4%
CVE-2021-27519 MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
7.6%
CVE-2019-18839 CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Command Injection Fudforum
NVD GitHub
CVSS 3.1
9.0
EPSS
5.4%
CVE-2019-18873 CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Command Injection Fudforum
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
8.2%
CVE-2013-5309 LOW POC Monitor

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD
CVSS 2.0
2.6
EPSS
0.3%
EPSS 0% CVSS 3.5
LOW POC Monitor

A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC This Month

FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fudforum
NVD GitHub
EPSS 23% CVSS 7.2
HIGH POC THREAT This Week

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Fudforum
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

FUDforum 3.1.1 is vulnerable to Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fudforum
NVD GitHub
EPSS 6% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
EPSS 8% CVSS 6.1
MEDIUM POC This Month

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD GitHub Exploit-DB
EPSS 5% CVSS 9.0
CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS +2
NVD GitHub
EPSS 8% CVSS 9.0
CRITICAL POC Act Now

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS +2
NVD GitHub Exploit-DB
EPSS 0% CVSS 2.6
LOW POC Monitor

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Fudforum
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy