Vulnerability Details CVE-2003-0283
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v2 Score 6.8
References
- http://marc.info/?l=bugtraq&m=105251043821533&w=2
- http://marc.info/?l=bugtraq&m=105251421925394&w=2
- http://www.securityfocus.com/bid/7545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11974
- http://marc.info/?l=bugtraq&m=105251043821533&w=2
- http://marc.info/?l=bugtraq&m=105251421925394&w=2
- http://www.securityfocus.com/bid/7545
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11974
Products affected by CVE-2003-0283
-
cpe:2.3:a:phorum:phorum:-
-
cpe:2.3:a:phorum:phorum:3.0.7
-
cpe:2.3:a:phorum:phorum:3.1
-
cpe:2.3:a:phorum:phorum:3.1.1
-
cpe:2.3:a:phorum:phorum:3.1.2
-
cpe:2.3:a:phorum:phorum:3.2
-
cpe:2.3:a:phorum:phorum:3.2.11
-
cpe:2.3:a:phorum:phorum:3.2.2
-
cpe:2.3:a:phorum:phorum:3.2.3
-
cpe:2.3:a:phorum:phorum:3.2.4
-
cpe:2.3:a:phorum:phorum:3.2.5
-
cpe:2.3:a:phorum:phorum:3.2.6
-
cpe:2.3:a:phorum:phorum:3.2.7
-
cpe:2.3:a:phorum:phorum:3.2.8
-
cpe:2.3:a:phorum:phorum:3.3.1
-
cpe:2.3:a:phorum:phorum:3.3.2
-
cpe:2.3:a:phorum:phorum:3.4
-
cpe:2.3:a:phorum:phorum:3.4.1
-
cpe:2.3:a:phorum:phorum:3.4.2
-
cpe:2.3:a:phorum:phorum:3.4.3