FUDforum v3.1.3 exists to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.