HTML Injection vulnerability in Phorum

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

phorum

NVD

Published: 2004-01-20

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.

Vulnerable Configurations

Part	Description	Count
Application	Phorum Phorum Phorum - Phorum Phorum 3.0.7 Phorum Phorum 3.1 Phorum Phorum 3.1.1 Phorum Phorum 3.1.2 Phorum Phorum 3.2 Phorum Phorum 3.2.2 Phorum Phorum 3.2.3 Phorum Phorum 3.2.4 Phorum Phorum 3.2.5 Phorum Phorum 3.2.6 Phorum Phorum 3.2.7 Phorum Phorum 3.2.8 Phorum Phorum 3.2.11 Phorum Phorum 3.3.1 Phorum Phorum 3.3.2 Phorum Phorum 3.4 Phorum Phorum 3.4.1 Phorum Phorum 3.4.2 Phorum Phorum 3.4.3 Phorum Phorum 3.4.4 Phorum Phorum 3.4.5	30

Summary

Vulnerable Configurations

References