Vulnerabilities > Phorum > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0784 | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel. network phorum | 4.3 |
| 2005-05-02 | CVE-2005-0783 | Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14 Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. network phorum | 4.3 |
| 2004-12-31 | CVE-2004-2242 | Cross-Site Scripting vulnerability in Phorum 5.0.7Beta Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. network phorum | 4.3 |
| 2004-12-31 | CVE-2004-2241 | Cross-Site Scripting and SQL Injection vulnerability in Phorum 5.0.11 Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. network phorum | 4.3 |
| 2004-12-31 | CVE-2004-1518 | SQL Injection vulnerability in Phorum FOLLOW.PHP SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. | 4.6 |
| 2004-03-15 | CVE-2004-1822 | Module Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. network phorum | 4.3 |
| 2004-01-20 | CVE-2004-0034 | Cross-Site Scripting/HTML Injection vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. network phorum | 4.3 |
| 2003-12-31 | CVE-2003-1486 | Information Exposure vulnerability in Phorum 3.4/3.4.1/3.4.2 Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | 5.0 |
| 2003-12-31 | CVE-2003-1467 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
| 2003-12-31 | CVE-2003-1465 | Path Traversal vulnerability in Phorum 3.4/3.4.1/3.4.2 Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | 5.0 |