fkie_cve-2013-5309
Vulnerability from fkie_nvd
Published
2013-08-16 17:55
Modified
2024-11-21 01:57
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fudforum:fudforum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA807086-1C52-4E6E-864F-BCF54CB70A98",
"versionEndIncluding": "3.0.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4BE982-3DC7-4C12-9819-4BA350B6C643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "904FA9DD-9285-48ED-A61E-041565988423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C9607FD0-EF6C-4649-9404-ED934089FE49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1A550500-C6B3-407F-B072-C4C4F6F2FC8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CFA30F-D841-4211-833B-E1B9636A2EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E6EAC485-AD70-4615-864D-273A5BEA99C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3E131E-43D2-4721-95DC-2A18EAB6F30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1A42EF2B-288F-4333-8AE2-899913A0E09A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E62B292F-15F3-453E-A274-84B60835C11B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5367204C-615C-4C1B-8F8C-BF3D0DDC58F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "291A28FC-DDD8-444B-927C-01F6688E4877",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28411B91-90E8-421D-AC18-39EB4A3CB042",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:fudforum:fudforum:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21311578-9C04-4A3A-8DD0-B371663BFB72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:1.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0B682FAA-1B15-4552-B3F0-5C10D91D3446",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCF6FA4-EF68-42DF-937B-9D0073D55D85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "142EC0E1-3286-4FC1-90CB-8D36FD97E59C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E66CD67-55D1-48A0-9A19-D3153B7DC787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A21D4EA6-C739-4BA0-ABBD-1E95CDD5E808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F68DB291-A958-4296-855A-B3CF19704E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8A9D296-6C54-4436-AE77-0D5291415DBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81684C0A-B31D-46F5-998F-21F1FDDFBBEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A41890E-4C88-4161-9DE3-C273272176E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FDB8AF21-93A9-4756-B2E8-313FA6638158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B14E676F-8A71-4607-80DC-F538F697E674",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2C42CAF4-3936-455F-AE02-312278C84FD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00EB1238-BD1C-4A5E-9491-8AC343868FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C07DA566-0075-4297-8531-A5E7C03877FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5428C3B-997C-417E-932D-CD2E9139891D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B49C1DE2-FE7A-4AE0-AFB4-15C323C47817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "63E5AFE9-C5FC-448D-B3FB-411C0CAB2174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA28579-5406-471B-A015-00DE3283B8C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC947E3-E98A-4673-B6A4-22C63BDAADBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2BF1BF48-11AE-4737-9F65-E01A3F8D5EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94B04F-E6E4-452E-883A-B88DDDDF6AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C253560E-D233-43B0-86E6-F41690BEEDCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB63A18-0C81-4C18-91CE-E9FC1497CB82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0A0F3EF-9345-407B-8110-C6F8E44861CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6480F8-D5AF-418F-BBB7-E09941EAA56E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E20EC310-AF18-4001-913C-849D60C86047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5A8FE4-FD41-4FB5-B0FA-C3C4669E42C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "699C28AF-95BD-44EA-BD50-F9616B53FBF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3A60D274-69FA-4C37-A472-FEB1D18DA6C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4219A0-F0EA-4303-B46F-D170EB6B05B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9837B11A-A3AA-4CE7-A0BE-E9709D42ECD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0590709E-FD1E-4BF4-8158-09B243B87648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EA4DAE8A-8F53-4A66-9A42-BC468569D31B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C4331016-C28D-4C17-B6A2-11A7E45873E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DFADD332-B80D-4D04-AA20-147F00F3CB0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8A60EFEB-036F-4828-8D17-069C0CF448D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51906E70-8317-4B8A-A384-13F62B0D24B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "50A53ED7-CB9B-4D83-8C67-BF14DDD5A081",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2D688C-2A06-4381-A2FF-27CA81606A69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F035957A-5FF8-43AA-8DF9-C132051FF1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A90D1C9D-E8C2-43D1-A87E-89DA4CBDE4BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A616B2B6-49D7-42D2-8FFE-7D9B3B7FE13B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ilia_alshanetsky:fudforum:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECCD51B8-AFBA-4D41-84ED-A5D41E4FAFC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-site scripting (XSS) en install/forum_data/src/custom_fields.inc.t en FUDforum v3.0.4.1 y anteriores, cuando se registra un nuevo usuario, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de perfil personalizado a index.php. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2013-5309",
"lastModified": "2024-11-21T01:57:16.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-08-16T17:55:09.740",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54293"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://sourceforge.net/p/fudforum/code/5589/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/54293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://sourceforge.net/p/fudforum/code/5589/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.