Summary
This host is running Phorum and is prone to cross-site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade Phorum to 5.2.17 or later,
For updates refer to http://www.phorum.org/downloads.php
Insight
The flaw is due to input passed via the 'real_name' parameter to the 'control.php' script is not properly sanitised before being returned to the user.
Affected
Phorum version prior to 5.2.17
References
Severity
Classification
-
CVE CVE-2011-3392 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache ActiveMQ Source Code Information Disclosure Vulnerability
- 3Com NBX VoIP NetSet Detection