Phorum 'real_name' Parameter Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Phorum and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade Phorum to 5.2.17 or later, For updates refer to http://www.phorum.org/downloads.php

Insight

The flaw is due to input passed via the 'real_name' parameter to the 'control.php' script is not properly sanitised before being returned to the user.

Affected

Phorum version prior to 5.2.17

References

http://holisticinfosec.org/content/view/184/45/
http://secunia.com/advisories/45787
http://xforce.iss.net/xforce/xfdb/69456

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3392

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
An Image Gallery Directory Traversal Vulnerability

Take action and discover your vulnerabilities