Phorum 'image/bmp' MIME Type HTML Injection Vulnerability

Summary
According to its version number, the remote version of Phorum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Solution
The vendor has released updates. Please see http://www.phorum.org/ for more information.
References