Vulnerabilities > CVE-2004-1822 - Module Cross-Site Scripting vulnerability in Phorum

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
phorum
exploit available
NVD
Published: 2004-03-15
Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

Vulnerable Configurations

Part Description Count
Application
Phorum
29

Exploit-Db

  • descriptionPhorum 3.x login.php HTTP_REFERER XSS. CVE-2004-1822. Webapps exploit for php platform
    idEDB-ID:23819
    last seen2016-02-02
    modified2004-03-15
    published2004-03-15
    reporterJeiAr
    sourcehttps://www.exploit-db.com/download/23819/
    titlePhorum 3.x login.php HTTP_REFERER XSS
  • descriptionPhorum 3.x profile.php target Parameter XSS. CVE-2004-1822. Webapps exploit for php platform
    idEDB-ID:23820
    last seen2016-02-02
    modified2004-03-15
    published2004-03-15
    reporterJeiAr
    sourcehttps://www.exploit-db.com/download/23820/
    titlePhorum 3.x profile.php target Parameter XSS
  • descriptionPhorum 3.x register.php HTTP_REFERER XSS. CVE-2004-1822. Webapps exploit for php platform
    idEDB-ID:23818
    last seen2016-02-02
    modified2004-03-15
    published2004-03-15
    reporterJeiAr
    sourcehttps://www.exploit-db.com/download/23818/
    titlePhorum 3.x register.php HTTP_REFERER XSS

References