CVE-2021-27519

MEDIUM NUCLEI

FUDForum 3.1.0 - Cross-Site Scripting via Index.php Srch Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27519. PoCs published by Piyush Patil. A Nuclei detection template is also available.

AI-analyzed exploit summary This is a writeup describing a reflected XSS vulnerability in FUDForum 3.1.0 via the 'srch' parameter. It includes a payload and steps to reproduce but lacks executable exploit code.

Description

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.

Exploits (1)

exploitdb WRITEUP

by Piyush Patil · textwebappsphp

https://www.exploit-db.com/exploits/49942

View Code ZIP pw:eip

This is a writeup describing a reflected XSS vulnerability in FUDForum 3.1.0 via the 'srch' parameter. It includes a payload and steps to reproduce but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: FUDForum 3.1.0

No auth needed

Prerequisites: Access to the target FUDForum instance

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

FUDForum 3.1.0 - Cross-Site Scripting

MEDIUMVERIFIEDby kh4sh3i

Shodan: http.html:"Powered by: FUDforum" || http.html:"fudforum" || http.html:"powered by: fudforum"

FOFA: body="powered by: fudforum" || body="fudforum"

References (2)

Core 2

Core References

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/fudforum/FUDforum/issues/2

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html

Scores

CVSS v3 6.1

EPSS 0.0760

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

fudforum/fudforum 3.1.0

Published Mar 19, 2021

Tracked Since Feb 18, 2026