CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2003-0283 – Phorum 3.4.x - 'Message Form' HTML Injection
https://notcve.org/view.php?id=CVE-2003-0283
14 May 2003 — Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. Vulnerabilidad de secuencias de comandos en sitios cruzados en Phorum anterior a la 3.4.3 permite que atacantes remotos inyecten script web arbitrario y tags HTML mediante un mensaje con una "<<" anterior a un nombre de etiqueta en (1) asunto, (2) nombre de autor, ó (3) d... • https://www.exploit-db.com/exploits/22579 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2002-2340
https://notcve.org/view.php?id=CVE-2002-2340
31 Dec 2002 — Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. • http://marc.info/?l=vuln-dev&m=102121925428844&w=2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 22%CPEs: 1EXPL: 2CVE-2002-0764 – Phorum 3.3.2a - Remote Command Execution
https://notcve.org/view.php?id=CVE-2002-0764
26 Jul 2002 — Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands. • https://www.exploit-db.com/exploits/21459 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0352
https://notcve.org/view.php?id=CVE-2002-0352
03 May 2002 — Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication. • http://marc.info/?l=bugtraq&m=101508207206900&w=2 •
CVSS: 9.8EPSS: 6%CPEs: 1EXPL: 3CVE-2000-1228 – Phorum 3.0.7 - 'admin.php3' Unverified Administrative Password Change
https://notcve.org/view.php?id=CVE-2000-1228
31 Dec 2000 — Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables. • https://www.exploit-db.com/exploits/20586 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2000-1229
https://notcve.org/view.php?id=CVE-2000-1229
31 Dec 2000 — Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3. • http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 3CVE-2000-1230 – Phorum 3.0.7 - 'auth.php3' Backdoor Access
https://notcve.org/view.php?id=CVE-2000-1230
31 Dec 2000 — Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman". • https://www.exploit-db.com/exploits/20588 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2000-1231
https://notcve.org/view.php?id=CVE-2000-1231
31 Dec 2000 — code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string. • http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2000-1232
https://notcve.org/view.php?id=CVE-2000-1232
31 Dec 2000 — upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method. • http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2000-1233
https://notcve.org/view.php?id=CVE-2000-1233
31 Dec 2000 — SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter. • http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html •