RSS   Vulnerabilities for 'Phorum'   RSS

2020-01-22
 
CVE-2011-3622

CWE-79
 

 
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.

 
2014-09-19
 
CVE-2012-6659

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

 
2014-09-04
 
CVE-2012-4234

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.

 
2011-11-28
 
CVE-2011-4561

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.

 
2011-09-23
 
CVE-2011-3768

CWE-200
 

 
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.

 
2011-09-08
 
CVE-2011-3392

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.

 
 
CVE-2011-3382

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
 
CVE-2011-3381

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

 
2010-05-19
 
CVE-2010-1629

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.

 
2009-02-09
 
CVE-2009-0488

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 


Copyright 2024, cxsecurity.com

 

Back to Top