26 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. Se presenta una vulnerabilidad de Cross-Site Scripting (XSS) en la pantalla de inicio de sesión del administrador en Phorum versiones anteriores a 5.2.18. • https://www.openwall.com/lists/oss-security/2011/10/18/9 https://www.phorum.org/phorum5/read.php?64%2C149588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0

Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de administración en Phorum anterior a 5.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/50445 http://www.phorum.org/phorum5/read.php?64%2C151943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 5

Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter. Vulnerabilidad de XSS en la pantalla de la moderación de grupos en el centro de control (control.php) en Phorum anterior a 5.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro group. Phorum version 5.2.18 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/37683 http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html http://secunia.com/advisories/50445 http://www.phorum.org/phorum5/read.php?64%2C151943 http://www.securityfocus.com/bid/55275 https://exchange.xforce.ibmcloud.com/vulnerabilities/78124 https://www.htbridge.com/advisory/HTB23109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 84EXPL: 0

Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en control.php en controlcenter en Phorum antes de v5.2.17, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a través del parámetro real_name. • http://holisticinfosec.org/content/view/184/45 http://secunia.com/advisories/45787 http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490 http://www.securityfocus.com/bid/49347 https://exchange.xforce.ibmcloud.com/vulnerabilities/69456 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 83EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Phorum antes de v5.2.16 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://jvn.jp/en/jp/JVN71435255/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068 http://www.phorum.org/phorum5/read.php?64%2C147504 • CWE-352: Cross-Site Request Forgery (CSRF) •