CVEDB API

Vulnerabilities

Vulnerable Software

Phorum: >> Phorum >> 3.2.6 Security Vulnerabilities

CVE-2004-2110

SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

CVSS Score

7.5

EPSS Score

0.004

Published

2004-12-31

CVE-2004-1822

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

CVSS Score

4.3

EPSS Score

0.013

Published

2004-03-15

CVE-2004-0034

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.

CVSS Score

4.3

EPSS Score

0.01

Published

2004-01-20

CVE-2004-0035

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

CVSS Score

7.5

EPSS Score

0.006

Published

2004-01-20

CVE-2003-1467

Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS Score

4.3

EPSS Score

0.006

Published

2003-12-31

CVE-2003-0283

Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.

CVSS Score

6.8

EPSS Score

0.007

Published

2003-06-16

Page 3

Vulnerabilities

Vulnerable Software

Phorum: >> Phorum >> 3.2.6 Security Vulnerabilities

Products

Pricing

Contact Us