Page 9 of 55 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7572 http://www.securityfocus.com/bid/7573 http://www.securityfocus.com/bid/7576 http://www.securityfocus.com/bid/7577 http://www.securityfocus.com/bid/7584 https://exchange.xforce.ibmcloud.com/vulnerabilities/12487 https://exchange.xforce.ibmcloud.com/vulnerabilities/12502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7581 http://www.securityfocus.com/bid/7583 •

CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7574 http://www.securityfocus.com/bid/7578 http://www.securityfocus.com/bid/7579 https://exchange.xforce.ibmcloud.com/vulnerabilities/12500 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 2

Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7569 https://exchange.xforce.ibmcloud.com/vulnerabilities/12482 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 1

Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. Vulnerabilidad de secuencias de comandos en sitios cruzados en Phorum anterior a la 3.4.3 permite que atacantes remotos inyecten script web arbitrario y tags HTML mediante un mensaje con una "<<" anterior a un nombre de etiqueta en (1) asunto, (2) nombre de autor, ó (3) dirección de correo electrónico del autor. • https://www.exploit-db.com/exploits/22579 http://marc.info/?l=bugtraq&m=105251043821533&w=2 http://marc.info/?l=bugtraq&m=105251421925394&w=2 http://www.securityfocus.com/bid/7545 https://exchange.xforce.ibmcloud.com/vulnerabilities/11974 •