Page 8 of 54 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 29EXPL: 3

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. • https://www.exploit-db.com/exploits/23819 https://www.exploit-db.com/exploits/23820 https://www.exploit-db.com/exploits/23818 http://marc.info/?l=bugtraq&m=107939479713136&w=2 http://phorum.org/changelog.txt http://secunia.com/advisories/11157 http://securitytracker.com/id?1009433 http://www.osvdb.org/4333 http://www.osvdb.org/4334 http://www.osvdb.org/4335 http://www.securityfocus.com/bid/9882 https://exchange.xforce.ibmcloud.com/vulnerabilities/15494 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. Vulnerabilidad de inyección de SQL en register.php de Phorum 3.4.5 y anteriores permite a atacantes remotos ejecutar comandos SLQ arbitrarios mediante el parámetro hide_email. • http://marc.info/?l=bugtraq&m=107340481804110&w=2 http://secunia.com/advisories/10567 http://www.osvdb.org/3508 http://www.securityfocus.com/bid/9363 https://exchange.xforce.ibmcloud.com/vulnerabilities/14146 •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. Múltiples vulneravilidades de secuencias de comandos en sitios cruzados (XSS) en Phorum 3.4.5 y anteriores pemite a atacantes inyectar código HTML o script web arbitrario mediante la función phorum_check_xss en common.php, la variable EditError en profile.php, y la variable Error en login.php. • http://marc.info/?l=bugtraq&m=107340481804110&w=2 http://phorum.org http://secunia.com/advisories/10567 http://www.osvdb.org/3434 http://www.osvdb.org/3506 http://www.osvdb.org/3510 http://www.securityfocus.com/bid/9361 http://www.securitytracker.com/id?1008633 https://exchange.xforce.ibmcloud.com/vulnerabilities/14145 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7571 https://exchange.xforce.ibmcloud.com/vulnerabilities/12499 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7572 http://www.securityfocus.com/bid/7573 http://www.securityfocus.com/bid/7576 http://www.securityfocus.com/bid/7577 http://www.securityfocus.com/bid/7584 https://exchange.xforce.ibmcloud.com/vulnerabilities/12487 https://exchange.xforce.ibmcloud.com/vulnerabilities/12502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •