Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-forum vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-0398
Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote malicious users to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
Arnotic A-forum
NA
CVE-2009-4884
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.p...
Bernhard Frohlich Phpcom 2.1.8
NA
CVE-2012-3391
mod/forum/rsslib.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and r...
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.2.0
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.3
4.8
CVSSv3
CVE-2022-39839
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
Cotonti Cotonti Siena 0.9.20
NA
CVE-2009-2401
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote malicious users to inject arbitrary web script or HTML via a forum post.
Phpecho Cms Phpecho Cms 2.0-rc3
1 EDB exploit
9.8
CVSSv3
CVE-2021-32608
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
Smartstore Smartstore
NA
CVE-2010-1630
Unspecified vulnerability in posting.php in phpBB prior to 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."
Phpbb Phpbb
Phpbb Phpbb 3.0.2
Phpbb Phpbb 3.0.0
Phpbb Phpbb 3.0.3
Phpbb Phpbb 3.0.1
NA
CVE-2001-0970
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote malicious users to execute arbitrary script on other clients via a forum message that contains the script.
Tdavid Td Forum 1.2
NA
CVE-2003-1454
Invision Power Services Invision Board 1.0 up to and including 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote malicious users to gain access.
Invision Power Services Invision Board 1.1.1
Invision Power Services Invision Board 1.0
Invision Power Services Invision Board 1.0.1
NA
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »