4.3

CVE-2005-2836

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhorumPhorum Version3.1
PhorumPhorum Version3.1.1
PhorumPhorum Version3.1.1_pre
PhorumPhorum Version3.1.1_rc2
PhorumPhorum Version3.1.1a
PhorumPhorum Version3.1.2
PhorumPhorum Version3.2
PhorumPhorum Version3.2.2
PhorumPhorum Version3.2.3
PhorumPhorum Version3.2.3a
PhorumPhorum Version3.2.3b
PhorumPhorum Version3.2.4
PhorumPhorum Version3.2.5
PhorumPhorum Version3.2.6
PhorumPhorum Version3.2.7
PhorumPhorum Version3.2.8
PhorumPhorum Version3.3.1
PhorumPhorum Version3.3.1a
PhorumPhorum Version3.3.2
PhorumPhorum Version3.3.2a
PhorumPhorum Version3.3.2b3
PhorumPhorum Version3.4
PhorumPhorum Version3.4.1
PhorumPhorum Version3.4.2
PhorumPhorum Version3.4.3
PhorumPhorum Version3.4.4
PhorumPhorum Version3.4.5
PhorumPhorum Version3.4.6
PhorumPhorum Version3.4.7
PhorumPhorum Version3.4.8
PhorumPhorum Version4.3.7
PhorumPhorum Version5.0.3_beta
PhorumPhorum Version5.0.7_beta
PhorumPhorum Version5.0.9
PhorumPhorum Version5.0.10
PhorumPhorum Version5.0.11
PhorumPhorum Version5.0.12
PhorumPhorum Version5.0.14
PhorumPhorum Version5.0.14a
PhorumPhorum Version5.0.15
PhorumPhorum Version5.0.16
PhorumPhorum Version5.0.17
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.596
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.