Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-forum vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2007-0398
Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote malicious users to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.
Arnotic A-forum
6.8
CVSSv2
CVE-2009-4884
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.p...
Bernhard Frohlich Phpcom 2.1.8
4
CVSSv2
CVE-2012-3391
mod/forum/rsslib.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and r...
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.2.0
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.3
NA
CVE-2022-39839
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
Cotonti Cotonti Siena 0.9.20
4.3
CVSSv2
CVE-2009-2401
Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote malicious users to inject arbitrary web script or HTML via a forum post.
Phpecho Cms Phpecho Cms 2.0-rc3
1 EDB exploit
7.5
CVSSv2
CVE-2021-32608
An issue exists in Smartstore (aka SmartStoreNET) up to and including 4.1.1. Views/Boards/Partials/_ForumPost.cshtml does not call HtmlUtils.SanitizeHtml on certain text for a forum post.
Smartstore Smartstore
7.5
CVSSv2
CVE-2001-0970
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote malicious users to execute arbitrary script on other clients via a forum message that contains the script.
Tdavid Td Forum 1.2
7.5
CVSSv2
CVE-2010-1630
Unspecified vulnerability in posting.php in phpBB prior to 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."
Phpbb Phpbb
Phpbb Phpbb 3.0.2
Phpbb Phpbb 3.0.0
Phpbb Phpbb 3.0.3
Phpbb Phpbb 3.0.1
NA
CVE-2024-25981
Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.
5
CVSSv2
CVE-2003-1454
Invision Power Services Invision Board 1.0 up to and including 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote malicious users to gain access.
Invision Power Services Invision Board 1.1.1
Invision Power Services Invision Board 1.0
Invision Power Services Invision Board 1.0.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »