Sonnguyen3496

**Name of the Vulnerable Software and Affected Versions** FUDforum version 3.1.2 **Description** The issue allows for Remote Code Execution through the Upload File feature of the File Administration System in the Admin Control Panel. **Recommendations** For FUDforum version 3.1.2, consider disabling the Upload File feature in the Admin Control Panel as a temporary workaround until a patch is available. Restrict access to the File Administration System to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FUDforum version 3.1.2 **Description** The issue is related to Stored XSS via the Forum Name field in the Forum Manager Feature. This allows for malicious code to be stored and executed when the forum name is displayed. **Recommendations** For FUDforum version 3.1.2, consider restricting access to the Forum Manager Feature until a patch is available, and avoid using the Forum Name field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FUDForum version 3.1.2 **Description** The issue is related to Cross Site Scripting (XSS) via the `page title` param in the Page Manager within the Admin Control Panel. **Recommendations** For FUDForum version 3.1.2, consider restricting access to the Page Manager in the Admin Control Panel to minimize the risk of exploitation, and avoid using the `page title` param until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.