CVE-2021-27520

MEDIUM NUCLEI

FUDForum 3.1.0 - Cross-Site Scripting via Author Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-27520. PoCs published by Piyush Patil. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in FUDForum 3.1.0 via the 'author' parameter in index.php. The payload triggers when hovering over injected text in the 'Filter by User' search field.

Description

A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.

Exploits (1)

exploitdb WORKING POC
by Piyush Patil · textwebappsphp
https://www.exploit-db.com/exploits/49943

This exploit demonstrates a reflected XSS vulnerability in FUDForum 3.1.0 via the 'author' parameter in index.php. The payload triggers when hovering over injected text in the 'Filter by User' search field.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: FUDForum 3.1.0
No auth needed
Prerequisites: Access to the FUDForum search page
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

FUDForum 3.1.0 - Cross-Site Scripting
MEDIUMVERIFIEDby r3Y3r53
Shodan: html:"FUDforum" || http.html:"fudforum" || http.html:"powered by: fudforum"
FOFA: body="powered by: fudforum" || body="fudforum"

References (2)

Core 2
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/fudforum/FUDforum/issues/2
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/162942/FUDForum-3.1.0-Cross-Site-Scripting.html

Scores

CVSS v3 6.1
EPSS 0.0640
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
fudforum/fudforum 3.1.0
Published Mar 19, 2021
Tracked Since Feb 18, 2026