Lucene search
High-Tech BridgeHTB23109HistoryAug 08, 2012 - 12:00 a.m.
Cross-Site Scripting (XSS) in Phorum
2012-08-0800:00:00
High-Tech Bridge
www.htbridge.com
28
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
81.7%
High-Tech Bridge Security Research Lab discovered vulnerability in Phorum, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
- Cross-Site Scripting (XSS) in Phorum: CVE-2012-4234
Input passed via the “group” GET parameter to /control.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in user’s browser session in context of an affected website.
The following PoC demonstrates the vulnerability:
http://[host]/control.php?0,panel=groupmod,group=%22%3E%3Cscript%3Ealert%28d ocument.cookie%29;%3C/script%3E
Related
packetstorm
packetstorm
Phorum 5.2.18 Cross Site Scripting
2012-08-30 00:00:00
prion
prion
Cross site scripting
2014-09-04 14:55:00
securityvulns
securityvulns
Cross-Site Scripting (XSS) in Phorum
2012-09-02 00:00:00
cve
cve
CVE-2012-4234
2014-09-04 14:55:00
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.01 Low
EPSS
Percentile
81.7%
Related for HTB23109