CVSS: 6.1EPSS: 0%CPEs: 42EXPL: 1CVE-2005-2836
https://notcve.org/view.php?id=CVE-2005-2836
07 Sep 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. • http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0018.html •
CVSS: 8.2EPSS: 3%CPEs: 1EXPL: 1CVE-2005-0843 – Phorum 3.x/5.0.x - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2005-0843
24 Mar 2005 — CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. • https://www.exploit-db.com/exploits/25258 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2005-0783 – Phorum 5.0.14 - Multiple Subject and Attachment HTML Injection Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-0783
20 Mar 2005 — Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. • https://www.exploit-db.com/exploits/25223 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2005-0784
https://notcve.org/view.php?id=CVE-2005-0784
20 Mar 2005 — Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel. • http://marc.info/?l=bugtraq&m=111083279031544&w=2 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 2CVE-2004-1518
https://notcve.org/view.php?id=CVE-2004-1518
31 Dec 2004 — SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028609.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2110
https://notcve.org/view.php?id=CVE-2004-2110
31 Dec 2004 — SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. • http://marc.info/?l=bugtraq&m=107487971405960&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 3CVE-2004-2240
https://notcve.org/view.php?id=CVE-2004-2240
31 Dec 2004 — Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. • http://phorum.org/cvs-changelog-5.txt •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2004-2241
https://notcve.org/view.php?id=CVE-2004-2241
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. • http://phorum.org/cvs-changelog-5.txt •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2004-2242 – Phorum 5.0.7 - Search Script Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2242
31 Dec 2004 — Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. • https://www.exploit-db.com/exploits/24331 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2243
https://notcve.org/view.php?id=CVE-2004-2243
31 Dec 2004 — Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0999.html •