This HTML file demonstrates two vulnerabilities in FluxBB 1.5.3: a stored XSS via the 'form[board_title]' parameter in admin_options.php and an open redirect via the 'redirect_url' parameter in misc.php. The PoC includes pre-filled forms to trigger these issues.
Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:FluxBB 1.5.3
Auth required
Prerequisites:Admin access to FluxBB for XSS · User interaction for redirect