Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2004-1822

Published: 15/03/2004 Updated: 11/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 445
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Phorum

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 up to and including 5.0.3 beta allow remote malicious users to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

Vulnerable Product Search on Vulmon Subscribe to Product

phorum phorum 3.1.1a

phorum phorum 3.1.2

phorum phorum 3.2.5

phorum phorum 3.2.6

phorum phorum 3.2.7

phorum phorum 3.4

phorum phorum 3.4.1

phorum phorum 3.1

phorum phorum 3.1.1

phorum phorum 3.2.3

phorum phorum 3.2.3a

phorum phorum 3.3.1a

phorum phorum 3.3.2

phorum phorum 3.4.4

phorum phorum 3.4.5

phorum phorum 3.2

phorum phorum 3.2.2

phorum phorum 3.2.8

phorum phorum 3.3.1

phorum phorum 3.4.2

phorum phorum 3.4.3

phorum phorum 3.1.1_pre

phorum phorum 3.1.1_rc2

phorum phorum 3.2.3b

phorum phorum 3.2.4

phorum phorum 3.3.2a

phorum phorum 3.3.2b3

phorum phorum 3.4.6

phorum phorum 5.0.3_beta

Exploits

Exploit DB: Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
source: wwwsecurityfocuscom/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules The issue presents itself across multiple modules including 'loginphp', 'registerphp', and 'profilephp' These modules employ two hidden variables named 'f' and 'target', which are passed ...
Exploit DB: Phorum 3.x - 'profile.php?target' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules The issue presents itself across multiple modules including 'loginphp', 'registerphp', and 'profilephp' These modules employ two hidden variables named 'f' and 'target', which are passe ...
Exploit DB: Phorum 3.x - 'register.php' HTTP_REFERER Cross-Site Scripting
source: wwwsecurityfocuscom/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules The issue presents itself across multiple modules including 'loginphp', 'registerphp', and 'profilephp' These modules employ two hidden variables named 'f' and 'target', which are passed ...

References

NVD-CWE-Otherhttp://phorum.org/changelog.txthttp://www.securityfocus.com/bid/9882http://secunia.com/advisories/11157http://www.osvdb.org/4333http://www.osvdb.org/4334http://www.osvdb.org/4335http://securitytracker.com/id?1009433http://marc.info/?l=bugtraq&m=107939479713136&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15494https://nvd.nist.govhttps://www.exploit-db.com/exploits/23819/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333CVE-2024-33901CVE-2024-36001CVE-2024-2835firewallXPath injectionauthentication bypassCVE-2024-22120CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook