CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2004-0034
https://notcve.org/view.php?id=CVE-2004-0034
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. Múltiples vulneravilidades de secuencias de comandos en sitios cruzados (XSS) en Phorum 3.4.5 y anteriores pemite a atacantes inyectar código HTML o script web arbitrario mediante la función phorum_check_xss en common.php, la variable EditError en profile.php, y la variable Error en login.php. • http://marc.info/?l=bugtraq&m=107340481804110&w=2 http://phorum.org http://secunia.com/advisories/10567 http://www.osvdb.org/3434 http://www.osvdb.org/3506 http://www.osvdb.org/3510 http://www.securityfocus.com/bid/9361 http://www.securitytracker.com/id?1008633 https://exchange.xforce.ibmcloud.com/vulnerabilities/14145 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1486
https://notcve.org/view.php?id=CVE-2003-1486
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7571 https://exchange.xforce.ibmcloud.com/vulnerabilities/12499 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7572 http://www.securityfocus.com/bid/7573 http://www.securityfocus.com/bid/7576 http://www.securityfocus.com/bid/7577 http://www.securityfocus.com/bid/7584 https://exchange.xforce.ibmcloud.com/vulnerabilities/12487 https://exchange.xforce.ibmcloud.com/vulnerabilities/12502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2003-1466
https://notcve.org/view.php?id=CVE-2003-1466
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7581 http://www.securityfocus.com/bid/7583 •
CVSS: 10.0EPSS: 2%CPEs: 3EXPL: 0CVE-2003-1487
https://notcve.org/view.php?id=CVE-2003-1487
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7574 http://www.securityfocus.com/bid/7578 http://www.securityfocus.com/bid/7579 https://exchange.xforce.ibmcloud.com/vulnerabilities/12500 • CWE-20: Improper Input Validation •