Vulnerabilities > Phorum > Phorum > 3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-01-20 | CVE-2004-0035 | SQL Injection vulnerability in Phorum Registration Script hide_email SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | 7.5 |
2004-01-20 | CVE-2004-0034 | Cross-Site Scripting/HTML Injection vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. network phorum | 4.3 |
2003-12-31 | CVE-2003-1467 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2003-06-16 | CVE-2003-0283 | HTML Injection Variant vulnerability in Phorum Message Form Field Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. network phorum | 6.8 |