A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote malicious users to inject JavaScript via index.php in the "author" parameter.
fudforum fudforum 3.1.0