Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
FUDforum install/forum_data/src/custom_fields.inc.t 跨站脚本漏洞
Vulnerability Description
FUDforum是一套基于PHP和MySQL或PostgreSQL构建的开源论坛系统。该系统支持附件上传、拼写检查、模板定制等。 FUDforum 3.0.4.1及之前的版本中的install/forum_data/src/custom_fields.inc.t文件中存在跨站脚本漏洞,该漏洞源于程序没有充分过滤用户提交的输入。当注册新用户时,远程攻击者可通过向index.php脚本传送自定义配置文件字段,利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A