4.3

CVE-2004-1822

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhorumPhorum Version3.1
PhorumPhorum Version3.1.1
PhorumPhorum Version3.1.1_pre
PhorumPhorum Version3.1.1_rc2
PhorumPhorum Version3.1.1a
PhorumPhorum Version3.1.2
PhorumPhorum Version3.2
PhorumPhorum Version3.2.2
PhorumPhorum Version3.2.3
PhorumPhorum Version3.2.3a
PhorumPhorum Version3.2.3b
PhorumPhorum Version3.2.4
PhorumPhorum Version3.2.5
PhorumPhorum Version3.2.6
PhorumPhorum Version3.2.7
PhorumPhorum Version3.2.8
PhorumPhorum Version3.3.1
PhorumPhorum Version3.3.1a
PhorumPhorum Version3.3.2
PhorumPhorum Version3.3.2a
PhorumPhorum Version3.3.2b3
PhorumPhorum Version3.4
PhorumPhorum Version3.4.1
PhorumPhorum Version3.4.2
PhorumPhorum Version3.4.3
PhorumPhorum Version3.4.4
PhorumPhorum Version3.4.5
PhorumPhorum Version3.4.6
PhorumPhorum Version5.0.3_beta
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.52% 0.828
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=107939479713136&w=2
http://phorum.org/changelog.txt
Vendor Advisory
http://secunia.com/advisories/11157
Patch
Vendor Advisory
http://securitytracker.com/id?1009433
http://www.osvdb.org/4333
http://www.osvdb.org/4334
http://www.osvdb.org/4335
http://www.securityfocus.com/bid/9882
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15494