Phorum Multiple BBCode HTML Injection Vulnerabilities Network Vulnerability

Summary

Phorum is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie- based authentication credentials and to control how the site is rendered to the user other attacks are also possible. Versions prior to Phorum 5.2.12a are vulnerable.

Solution

Vendor fixes are available. Please see the references for details.

References

http://www.phorum.org/
http://www.phorum.org/phorum5/read.php?64
http://www.securityfocus.com/archive/1/505186
http://www.securityfocus.com/bid/35777

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
AlienForm CGI script
Apache Tomcat source.jsp malformed request information disclosure

Take action and discover your vulnerabilities