Skip to content
FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)
JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
adminpanel.md
forumxss.md
fud.js

README.md

FUDforum-XSS-RCE

FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

Multiple Stored XSS vulnerabilities have been found in FUDforum 3.0.9 that can result in remote code execution.

Stored XSS via username in forum: Info | Demo

Stored XSS via useragent in admin panel: Info | Demo

You can’t perform that action at this time.