CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7572 http://www.securityfocus.com/bid/7573 http://www.securityfocus.com/bid/7576 http://www.securityfocus.com/bid/7577 http://www.securityfocus.com/bid/7584 https://exchange.xforce.ibmcloud.com/vulnerabilities/12487 https://exchange.xforce.ibmcloud.com/vulnerabilities/12502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1CVE-2003-0283 – Phorum 3.4.x - 'Message Form' HTML Injection
https://notcve.org/view.php?id=CVE-2003-0283
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. Vulnerabilidad de secuencias de comandos en sitios cruzados en Phorum anterior a la 3.4.3 permite que atacantes remotos inyecten script web arbitrario y tags HTML mediante un mensaje con una "<<" anterior a un nombre de etiqueta en (1) asunto, (2) nombre de autor, ó (3) dirección de correo electrónico del autor. • https://www.exploit-db.com/exploits/22579 http://marc.info/?l=bugtraq&m=105251043821533&w=2 http://marc.info/?l=bugtraq&m=105251421925394&w=2 http://www.securityfocus.com/bid/7545 https://exchange.xforce.ibmcloud.com/vulnerabilities/11974 •