Phorum 3.x profile.php target Parameter XSS

{"bulletinFamily": "exploit", "id": "EDB-ID:23820", "cvelist": ["CVE-2004-1822"], "modified": "2004-03-15T00:00:00", "lastseen": "2016-02-02T21:53:18", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/9882/info\r\n \r\nIt has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidden variables named 'f' and 'target', which are passed user-supplied input values from HTTP_REFERER without proper sanitization.\r\n \r\nPhorum versions 5.0.3 Beta and prior are reported to be vulnerable to this issue.\r\n\r\nprofile.php?id=2&action=edit&target=[XSS]", "published": "2004-03-15T00:00:00", "href": "https://www.exploit-db.com/exploits/23820/", "osvdbidlist": ["4335"], "reporter": "JeiAr", "hash": "e572192a855a7d3e516adec531a4298c8c6d1a9543513f85aac3bab35f1a226f", "title": "Phorum 3.x profile.php target Parameter XSS", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Phorum 3.x profile.php target Parameter XSS. CVE-2004-1822. Webapps exploit for php platform", "references": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23820/", "enchantments": {"vulnersScore": 5.1}}

{"result": {"cve": [{"id": "CVE-2004-1822", "type": "cve", "title": "CVE-2004-1822", "description": "Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.", "published": "2004-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1822", "cvelist": ["CVE-2004-1822"], "lastseen": "2017-04-18T15:50:37"}], "exploitdb": [{"id": "EDB-ID:23819", "type": "exploitdb", "title": "Phorum 3.x login.php HTTP_REFERER XSS", "description": "Phorum 3.x login.php HTTP_REFERER XSS. CVE-2004-1822. Webapps exploit for php platform", "published": "2004-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/23819/", "cvelist": ["CVE-2004-1822"], "lastseen": "2016-02-02T21:53:09"}, {"id": "EDB-ID:23818", "type": "exploitdb", "title": "Phorum 3.x register.php HTTP_REFERER XSS", "description": "Phorum 3.x register.php HTTP_REFERER XSS. CVE-2004-1822. Webapps exploit for php platform", "published": "2004-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/23818/", "cvelist": ["CVE-2004-1822"], "lastseen": "2016-02-02T21:53:00"}], "seebug": [{"id": "SSV-77569", "type": "seebug", "title": "Phorum 3. x profile.php target Parameter XSS", "description": "Summary: \nPhorum 3. 1 to 5. 0. 3 beta there are multiple cross-site scripting vulnerability. A remote attacker by means of\uff081\uff09login. php HTTP_REFERER parameters, \uff082\uff09The register. php HTTP_REFERER parameters, or\uff083\uff09the profile. php target parameter to inject arbitrary web script or HTML.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-77569", "cvelist": ["CVE-2004-1822"], "lastseen": "2016-07-26T11:27:23"}, {"id": "SSV-77568", "type": "seebug", "title": "Phorum 3. x login.php HTTP_REFERER XSS", "description": "Summary: \nPhorum 3. 1 to 5. 0. 3 beta there are multiple cross-site scripting vulnerability. A remote attacker by means of\uff081\uff09login. php HTTP_REFERER parameters, \uff082\uff09The register. php HTTP_REFERER parameters, or\uff083\uff09the profile. php target parameter to inject arbitrary web script or HTML.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-77568", "cvelist": ["CVE-2004-1822"], "lastseen": "2016-07-26T11:04:26"}, {"id": "SSV-77567", "type": "seebug", "title": "Phorum 3. x register.php HTTP_REFERER XSS", "description": "Summary: \nPhorum 3. 1 to 5. 0. 3 beta there are multiple cross-site scripting vulnerability. A remote attacker by means of\uff081\uff09login. php HTTP_REFERER parameters, \uff082\uff09The register. php HTTP_REFERER parameters, or\uff083\uff09the profile. php target parameter to inject arbitrary web script or HTML.\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-77567", "cvelist": ["CVE-2004-1822"], "lastseen": "2016-08-06T04:37:03"}]}}