2.3.1

DATE	CVE	VULNERABILITY TITLE	RISK
2013-08-16	CVE-2013-5309	Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. network high complexity fudforum ilia-alshanetsky CWE-79	2.6
2005-09-02	CVE-2005-2781	Unspecified vulnerability in Ilia Alshanetsky Fudforum The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code. network low complexity ilia-alshanetsky	7.5