Vulnerabilities > CVE-2003-0283 - HTML Injection Variant vulnerability in Phorum Message Form Field

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
phorum
exploit available
NVD
Published: 2003-06-16
Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.

Vulnerable Configurations

Part Description Count
Application
Phorum
28

Exploit-Db

descriptionPhorum 3.4.x Message Form Field HTML Injection Variant Vulnerability. CVE-2003-0283 . Webapps exploit for php platform
idEDB-ID:22579
last seen2016-02-02
modified2003-05-09
published2003-05-09
reporterWiciU
sourcehttps://www.exploit-db.com/download/22579/
titlePhorum 3.4.x Message Form Field HTML Injection Variant Vulnerability

References