Fudforum · Fudforum · CVE-2019-18839
**Name of the Vulnerable Software and Affected Versions**
FUDForum version 3.0.9
**Description**
FUDForum 3.0.9 stores the value of the `nlogin` (login name) parameter without sanitising it and later renders it unescaped in the administrator's user-information view, which results in Stored XSS. Only a low-privileged user account is needed: the attacker submits a crafted `nlogin` value in a POST request, and the payload is stored with the account. When an administrator opens that user's information page, the script executes in the administrator's browser and session. Because the admin interface can write PHP files into the web root, the injected script can drive those privileged functions on the administrator's behalf, turning the XSS into remote code execution on the server.
**Recommendations**
For FUDForum version 3.0.9, consider disabling the `nlogin` parameter as a temporary workaround until a patch is available. Restrict access to user information pages for admins to minimize the risk of exploitation. Avoid using the `nlogin` parameter in affected API endpoints until the issue is resolved.