Vulnerabilities related to fudforum - fudforum
Vulnerability from fkie_nvd
Published
2021-03-19 19:15
Modified
2024-11-21 05:58
Severity ?
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F38C9CCE-ABB8-4093-9EED-D11EF11F8B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter." }, { "lang": "es", "value": "Un problema de tipo cross-site scripting (XSS) en FUDForum versi\u00f3n 3.1.0, permite a atacantes remotos inyectar JavaScript por medio del archivo index.php en el par\u00e1metro \"srch\"" } ], "id": "CVE-2021-27519", "lastModified": "2024-11-21T05:58:08.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-19T19:15:13.913", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-19 19:15
Modified
2024-11-21 05:58
Severity ?
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/2 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F38C9CCE-ABB8-4093-9EED-D11EF11F8B07", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter." }, { "lang": "es", "value": "Un problema de tipo cross-site scripting (XSS) en FUDForum versi\u00f3n 3.1.0, permite a atacantes remotos inyectar JavaScript por medio del archivo index.php en el par\u00e1metro \"author\"" } ], "id": "CVE-2021-27520", "lastModified": "2024-11-21T05:58:08.957", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-19T19:15:13.977", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/2" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-06 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "18AA8770-4EEC-4E5B-963F-348FC17C5913", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel." }, { "lang": "es", "value": "FUDForum versi\u00f3n 3.1.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del par\u00e1metro page_title en el Administrador de P\u00e1ginas del Panel de Control de Administraci\u00f3n" } ], "id": "CVE-2022-30863", "lastModified": "2024-11-21T07:03:30.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-06T14:15:08.397", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/24" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-01-27 22:15
Modified
2024-11-21 01:51
Severity ?
Summary
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/58845 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/83229 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/58845 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/83229 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "21311578-9C04-4A3A-8DD0-B371663BFB72", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." }, { "lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n de c\u00f3digo PHP en FUDforum Bulletin Board Software versi\u00f3n 3.0.4, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario sobre el sistema." } ], "id": "CVE-2013-2267", "lastModified": "2024-11-21T01:51:22.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-01-27T22:15:10.423", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58845" 
}, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/58845" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-06 17:15
Modified
2024-11-21 06:57
Severity ?
Summary
FUDforum 3.1.1 is vulnerable to Stored XSS.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "7FB5EB78-E470-455D-933E-118BB6986F9D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.1 is vulnerable to Stored XSS." }, { "lang": "es", "value": "FUDforum versi\u00f3n 3.1.1, es vulnerable a un ataque de tipo XSS Almacenado" } ], "id": "CVE-2022-28545", "lastModified": "2024-11-21T06:57:30.197", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-06T17:15:09.107", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-13 15:15
Modified
2024-11-21 04:33
Severity ?
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
cve@mitre.org | https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B4C965BD-222A-44FF-872D-21F18C80CECC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server." }, { "lang": "es", "value": "FUDForum versi\u00f3n 3.0.9, es vulnerable a un ataque de tipo XSS almacenado por medio del par\u00e1metro nlogin. Esto puede resultar en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede utilizar una cuenta de usuario para comprometer completamente el sistema mediante una petici\u00f3n POST. Cuando el administrador visita la informaci\u00f3n del usuario, la carga \u00fatil ser\u00e1 ejecutada . Esto permitir\u00e1 que los archivos PHP se escriban en la root web y que el c\u00f3digo se ejecute en el servidor remoto." 
} ], "id": "CVE-2019-18839", "lastModified": "2024-11-21T04:33:41.247", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-13T15:15:10.260", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-78" }, { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-11-12 02:15
Modified
2024-11-21 04:33
Severity ?
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
cve@mitre.org | https://sourceforge.net/p/fudforum/code/6321/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fuzzlove/FUDforum-XSS-RCE | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://sourceforge.net/p/fudforum/code/6321/ | Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B4C965BD-222A-44FF-872D-21F18C80CECC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under \"User Manager\" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php." }, { "lang": "es", "value": "FUDForum versi\u00f3n 3.0.9, es vulnerable a un problema de tipo XSS Almacenado por medio del encabezado HTTP User-Agent. Esto puede resultar en una ejecuci\u00f3n de c\u00f3digo remota. Un atacante puede usar una cuenta de usuario para comprometer completamente el sistema por medio de una petici\u00f3n GET. Cuando el administrador visita la informaci\u00f3n del usuario bajo \"User Manager\" en el panel de control, la carga \u00fatil se ejecutar\u00e1. Esto permitir\u00e1 que los archivos PHP sean escritos en la root web y que el c\u00f3digo se ejecute en el servidor remoto. El problema est\u00e1 en los archivos admsession.php y admuser.php." 
} ], "id": "CVE-2019-18873", "lastModified": "2024-11-21T04:33:45.840", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-11-12T02:15:10.267", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" }, { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-06 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
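FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. Note: the CPE match data in this record (versionEndExcluding 3.1.2) marks only versions before 3.1.2 as affected, which disagrees with the version named in this description; confirm the affected range against the referenced issue before relying on CPE-based matching.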
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/23 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/23 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*", "matchCriteriaId": "82EDE851-3D93-4B5D-86FC-4F68A58D2F14", "versionEndExcluding": "3.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel." }, { "lang": "es", "value": "FUDforum versi\u00f3n 3.1.2, es vulnerable a una Ejecuci\u00f3n Remota de C\u00f3digo mediante una caracter\u00edstica Upload File del Sistema de Administraci\u00f3n de Archivos en el Panel de Control de Administraci\u00f3n" } ], "id": "CVE-2022-30860", "lastModified": "2024-11-21T07:03:30.520", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-06T14:15:08.257", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/fudforum/FUDforum/issues/23" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/23" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-434" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-06-06 14:15
Modified
2024-11-21 07:03
Severity ?
Summary
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/fudforum/FUDforum/issues/24 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "18AA8770-4EEC-4E5B-963F-348FC17C5913", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature." }, { "lang": "es", "value": "FUDforum versi\u00f3n 3.1.2, es vulnerable a un ataque de tipo XSS almacenado por medio del campo Forum Name en la funcionalidad Forum Manager" } ], "id": "CVE-2022-30861", "lastModified": "2024-11-21T07:03:30.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-06T14:15:08.310", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/fudforum/FUDforum/issues/24" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/fudforum/FUDforum/issues/24" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA807086-1C52-4E6E-864F-BCF54CB70A98", "versionEndIncluding": "3.0.4.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE4BE982-3DC7-4C12-9819-4BA350B6C643", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "904FA9DD-9285-48ED-A61E-041565988423", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.4:*:*:*:*:*:*:*", "matchCriteriaId": "C9607FD0-EF6C-4649-9404-ED934089FE49", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.5:*:*:*:*:*:*:*", "matchCriteriaId": "1A550500-C6B3-407F-B072-C4C4F6F2FC8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B0CFA30F-D841-4211-833B-E1B9636A2EBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.7.7:*:*:*:*:*:*:*", "matchCriteriaId": "E6EAC485-AD70-4615-864D-273A5BEA99C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD3E131E-43D2-4721-95DC-2A18EAB6F30D", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A42EF2B-288F-4333-8AE2-899913A0E09A", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E62B292F-15F3-453E-A274-84B60835C11B", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5367204C-615C-4C1B-8F8C-BF3D0DDC58F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "291A28FC-DDD8-444B-927C-01F6688E4877", "vulnerable": true }, { "criteria": "cpe:2.3:a:fudforum:fudforum:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "28411B91-90E8-421D-AC18-39EB4A3CB042", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:fudforum:fudforum:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "21311578-9C04-4A3A-8DD0-B371663BFB72", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "0B682FAA-1B15-4552-B3F0-5C10D91D3446", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "FFCF6FA4-EF68-42DF-937B-9D0073D55D85", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "142EC0E1-3286-4FC1-90CB-8D36FD97E59C", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5E66CD67-55D1-48A0-9A19-D3153B7DC787", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A21D4EA6-C739-4BA0-ABBD-1E95CDD5E808", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F68DB291-A958-4296-855A-B3CF19704E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "A8A9D296-6C54-4436-AE77-0D5291415DBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "81684C0A-B31D-46F5-998F-21F1FDDFBBEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A41890E-4C88-4161-9DE3-C273272176E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDB8AF21-93A9-4756-B2E8-313FA6638158", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B14E676F-8A71-4607-80DC-F538F697E674", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C42CAF4-3936-455F-AE02-312278C84FD9", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "00EB1238-BD1C-4A5E-9491-8AC343868FFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "C07DA566-0075-4297-8531-A5E7C03877FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "D5428C3B-997C-417E-932D-CD2E9139891D", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B49C1DE2-FE7A-4AE0-AFB4-15C323C47817", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "63E5AFE9-C5FC-448D-B3FB-411C0CAB2174", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "CFA28579-5406-471B-A015-00DE3283B8C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "1CC947E3-E98A-4673-B6A4-22C63BDAADBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "2BF1BF48-11AE-4737-9F65-E01A3F8D5EA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "4D94B04F-E6E4-452E-883A-B88DDDDF6AE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "C253560E-D233-43B0-86E6-F41690BEEDCC", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1AB63A18-0C81-4C18-91CE-E9FC1497CB82", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0A0F3EF-9345-407B-8110-C6F8E44861CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "8F6480F8-D5AF-418F-BBB7-E09941EAA56E", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E20EC310-AF18-4001-913C-849D60C86047", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "6C5A8FE4-FD41-4FB5-B0FA-C3C4669E42C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "699C28AF-95BD-44EA-BD50-F9616B53FBF1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "3A60D274-69FA-4C37-A472-FEB1D18DA6C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "3C4219A0-F0EA-4303-B46F-D170EB6B05B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9837B11A-A3AA-4CE7-A0BE-E9709D42ECD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "0590709E-FD1E-4BF4-8158-09B243B87648", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "EA4DAE8A-8F53-4A66-9A42-BC468569D31B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "C4331016-C28D-4C17-B6A2-11A7E45873E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "DFADD332-B80D-4D04-AA20-147F00F3CB0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "8A60EFEB-036F-4828-8D17-069C0CF448D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "51906E70-8317-4B8A-A384-13F62B0D24B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "50A53ED7-CB9B-4D83-8C67-BF14DDD5A081", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "3E2D688C-2A06-4381-A2FF-27CA81606A69", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "F035957A-5FF8-43AA-8DF9-C132051FF1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "A90D1C9D-E8C2-43D1-A87E-89DA4CBDE4BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "A616B2B6-49D7-42D2-8FFE-7D9B3B7FE13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "ECCD51B8-AFBA-4D41-84ED-A5D41E4FAFC8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad Cross-site scripting (XSS) en install/forum_data/src/custom_fields.inc.t en FUDforum v3.0.4.1 y anteriores, cuando se registra un nuevo usuario, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de perfil personalizado a index.php. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2013-5309", "lastModified": "2024-11-21T01:57:16.923", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2013-08-16T17:55:09.740", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54293" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/54293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2013-2267
Vulnerability from cvelistv5
Published
2020-01-27 21:39
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/58845 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/83229 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:27:41.139Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "58845", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58845" }, { "name": "83229", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-27T21:39:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "58845", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58845" }, { "name": "83229", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2267", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "58845", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58845" }, { "name": "83229", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2267", "datePublished": "2020-01-27T21:39:36", "dateReserved": "2013-02-21T00:00:00", "dateUpdated": "2024-08-06T15:27:41.139Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18839
Vulnerability from cvelistv5
Published
2019-11-13 14:41
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
References
| URL | Tags |
|---|---|
| https://github.com/fuzzlove/FUDforum-XSS-RCE | x_refsource_MISC |
| https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-13T14:41:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18839", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzlove/FUDforum-XSS-RCE", "refsource": "MISC", "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "name": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/155261/FUDForum-3.0.9-Code-Execution-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18839", "datePublished": "2019-11-13T14:41:56", "dateReserved": "2019-11-09T00:00:00", "dateUpdated": "2024-08-05T02:02:39.793Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-18873
Vulnerability from cvelistv5
Published
2019-11-12 01:01
Modified
2024-08-05 02:02
Severity ?
EPSS score ?
Summary
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
References
| URL | Tags |
|---|---|
| https://github.com/fuzzlove/FUDforum-XSS-RCE | x_refsource_MISC |
| https://sourceforge.net/p/fudforum/code/6321/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T02:02:39.485Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under \"User Manager\" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-11-12T01:01:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "tags": [ "x_refsource_MISC" ], "url": "https://sourceforge.net/p/fudforum/code/6321/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18873", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under \"User Manager\" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fuzzlove/FUDforum-XSS-RCE", "refsource": "MISC", "url": "https://github.com/fuzzlove/FUDforum-XSS-RCE" }, { "name": "https://sourceforge.net/p/fudforum/code/6321/", "refsource": "MISC", "url": "https://sourceforge.net/p/fudforum/code/6321/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18873", "datePublished": "2019-11-12T01:01:11", "dateReserved": "2019-11-12T00:00:00", "dateUpdated": "2024-08-05T02:02:39.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27520
Vulnerability from cvelistv5
Published
2021-03-19 18:53
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/2 | x_refsource_MISC |
| http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.685Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T16:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27520", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"author\" parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/2", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "name": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27520", "datePublished": "2021-03-19T18:53:54", "dateReserved": "2021-02-22T00:00:00", "dateUpdated": "2024-08-03T21:26:09.685Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-5309
Vulnerability from cvelistv5
Published
2013-08-16 17:00
Modified
2024-08-06 17:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
References
| URL | Tags |
|---|---|
| http://sourceforge.net/p/fudforum/code/5589/ | x_refsource_CONFIRM |
| http://secunia.com/advisories/54293 | third-party-advisory, x_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/86030 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T17:06:52.321Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "name": "54293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/54293" }, { "name": "fudforum-index-xss(86030)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-07-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "name": "54293", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/54293" }, { "name": "fudforum-index-xss(86030)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5309", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://sourceforge.net/p/fudforum/code/5589/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/fudforum/code/5589/" }, { "name": "54293", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/54293" }, { "name": "fudforum-index-xss(86030)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-5309", "datePublished": "2013-08-16T17:00:00", "dateReserved": "2013-08-16T00:00:00", "dateUpdated": "2024-08-06T17:06:52.321Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30860
Vulnerability from cvelistv5
Published
2022-06-06 13:34
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
FUDforum 3.1.2 is vulnerable to Remote Code Execution through the Upload File feature of the File Administration System in the Admin Control Panel.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/23 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:40.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:34:41", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/23" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30860", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/23", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/23" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30860", "datePublished": "2022-06-06T13:34:41", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:40.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30861
Vulnerability from cvelistv5
Published
2022-06-06 13:40
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
FUDforum 3.1.2 is vulnerable to Stored XSS via the Forum Name field in the Forum Manager feature.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/24 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:39.621Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:40:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30861", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/24", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30861", "datePublished": "2022-06-06T13:40:00", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:39.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30863
Vulnerability from cvelistv5
Published
2022-06-06 13:44
Modified
2024-08-03 07:03
Severity ?
EPSS score ?
Summary
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/24 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:03:39.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-06T13:44:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/24" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30863", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/24", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/24" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30863", "datePublished": "2022-06-06T13:44:00", "dateReserved": "2022-05-16T00:00:00", "dateUpdated": "2024-08-03T07:03:39.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27519
Vulnerability from cvelistv5
Published
2021-03-19 18:54
Modified
2024-08-03 21:26
Severity ?
EPSS score ?
Summary
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/issues/2 | x_refsource_MISC |
| http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:10.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-03T16:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27519", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the \"srch\" parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/issues/2", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/issues/2" }, { "name": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27519", "datePublished": "2021-03-19T18:54:16", "dateReserved": "2021-02-22T00:00:00", "dateUpdated": "2024-08-03T21:26:10.280Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-28545
Vulnerability from cvelistv5
Published
2022-05-06 16:30
Modified
2024-08-03 05:56
Severity ?
EPSS score ?
Summary
FUDforum 3.1.1 is vulnerable to Stored XSS.
References
| URL | Tags |
|---|---|
| https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b | x_refsource_MISC |
| https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T05:56:15.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "FUDforum 3.1.1 is vulnerable to Stored XSS." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-06T16:30:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-28545", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FUDforum 3.1.1 is vulnerable to Stored XSS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/commit/8ff446881932a45ce538b84a76f833d44eada93b" }, { "name": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390", "refsource": "MISC", "url": "https://github.com/fudforum/FUDforum/commit/aed69661b6f876c916abec9ca4fcf5035b8e2390" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-28545", "datePublished": "2022-05-06T16:30:58", "dateReserved": "2022-04-04T00:00:00", "dateUpdated": "2024-08-03T05:56:15.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }