CVE-2012-6659
https://notcve.org/view.php?id=CVE-2012-6659
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en la interfaz de administración en Phorum anterior a 5.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://secunia.com/advisories/50445 http://www.phorum.org/phorum5/read.php?64%2C151943 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-4234 – Phorum 5.2.18 - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2012-4234
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter. Vulnerabilidad de XSS en la pantalla de la moderación de grupos en el centro de control (control.php) en Phorum anterior a 5.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro group. Phorum version 5.2.18 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/37683 http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html http://secunia.com/advisories/50445 http://www.phorum.org/phorum5/read.php?64%2C151943 http://www.securityfocus.com/bid/55275 https://exchange.xforce.ibmcloud.com/vulnerabilities/78124 https://www.htbridge.com/advisory/HTB23109 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2011-4561 – Phorum 5.2.18 - '/admin/index.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4561
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en admin.php en Phorum v5.2.18 permite a atacantes remotos inyectar HTML o secuencias de comandos web a través de la variable PATH_INFO para admin/index.php. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/36201 http://osvdb.org/76026 http://secunia.com/advisories/46282 http://www.rul3z.de/advisories/SSCHADV2011-023.txt http://www.securityfocus.com/archive/1/519991/100/0/threaded http://www.securityfocus.com/bid/49920 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •