CVE-2013-5309 Information

Description

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier when registering a new user allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.

Reference

http://secunia.com/advisories/54293 http://sourceforge.net/p/fudforum/code/5589/ https://exchange.xforce.ibmcloud.com/vulnerabilities/86030