ID OPENVAS:1361412562310902179 Type openvas Reporter Copyright (C) 2010 SecPod Modified 2020-05-08T00:00:00
Description
This host is running Phorum and is prone to a cross-site
scripting vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
#
# Phorum Cross-Site Scripting Vulnerability
#
# Authors:
# Antu Sanadi <santu@secpod.com>
#
# Copyright:
# Copyright (C) 2010 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
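# Metadata block: evaluated only when the scanner loads the script in
# "description" mode. It registers the plugin's identity, references and
# result texts, then exits before any check logic runs.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.902179");
  script_version("2020-05-08T08:34:44+0000");
  script_tag(name:"last_modification", value:"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)");
  script_tag(name:"creation_date", value:"2010-05-25 13:56:16 +0200 (Tue, 25 May 2010)");
  script_cve_id("CVE-2010-1629");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("Phorum Cross-Site Scripting Vulnerability");
  script_xref(name:"URL", value:"http://www.facebook.com/note.php?note_id=371190874581");
  script_xref(name:"URL", value:"http://www.openwall.com/lists/oss-security/2010/05/16/2");
  script_xref(name:"URL", value:"http://www.openwall.com/lists/oss-security/2010/05/18/11");
  # The result is derived from a reported version string only, so its
  # reliability depends on that string being accurate (no active probe).
  script_tag(name:"qod_type", value:"remote_banner");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2010 SecPod");
  script_family("Web application abuses");
  # Runs after the Phorum detection script and only when that script has
  # set the "phorum/detected" key.
  script_dependencies("phorum_detect.nasl");
  script_require_ports("Services/www", 80);
  script_mandatory_keys("phorum/detected");
  # Impact of an XSS flaw (CVE-2010-1629, CWE-79) is script/HTML injection
  # into pages served by the site, consistent with the I:P-only CVSS vector
  # above. It is not code execution inside the application itself.
  script_tag(name:"impact", value:"Successful exploitation will allow remote attackers to inject arbitrary web
script or HTML in the context of an affected site.");
  script_tag(name:"affected", value:"Phorum version prior to 5.2.15.");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"solution", value:"Upgrade Phorum to 5.2.15 or later.");
  script_tag(name:"summary", value:"This host is running Phorum and is prone to cross-site
scripting vulnerability.");
  script_tag(name:"insight", value:"The flaw is due to error in handling email address.
NOTE: Further information is not available.");
  exit(0);
}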
include("http_func.inc");
include("version_func.inc");
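# HTTP port to check (80 is passed as the default).
phorumPort = http_get_port(default:80);

# Knowledge-base entry for this port, presumably stored by phorum_detect.nasl.
# The pattern below expects the form "<version> under <install path>".
phorumInfo = get_kb_item(string("www/", phorumPort, "/phorum"));
if(!phorumInfo){
  exit(0);
}

# phorumVer[1] = version string, phorumVer[2] = install path on the web server.
phorumVer = eregmatch(pattern:"^(.+) under (/.*)$", string:phorumInfo);
if(!phorumVer[1]){
  exit(0);
}

# Version comparison only: nothing is sent to the target here, so the result
# is as trustworthy as the detected version string. A backported fix or an
# altered version banner will lead to a wrong verdict; confirm findings
# against the installed package before acting on them.
if(version_is_less(version:phorumVer[1], test_version:"5.2.15")){
  # Include the install path so the report identifies which Phorum instance
  # on the host needs the upgrade.
  report = report_fixed_ver(installed_version:phorumVer[1], fixed_version:"5.2.15", install_path:phorumVer[2]);
  security_message(port:phorumPort, data:report);
}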
{"id": "OPENVAS:1361412562310902179", "type": "openvas", "bulletinFamily": "scanner", "title": "Phorum Cross-Site Scripting Vulnerability", "description": "This host is running Phorum and is prone to cross-site\n scripting vulnerability.", "published": "2010-05-25T00:00:00", "modified": "2020-05-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310902179", "reporter": "Copyright (C) 2010 SecPod", "references": ["http://www.openwall.com/lists/oss-security/2010/05/16/2", "http://www.facebook.com/note.php?note_id=371190874581", "http://www.openwall.com/lists/oss-security/2010/05/18/11"], "cvelist": ["CVE-2010-1629"], "lastseen": "2020-05-12T17:33:19", "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1629"]}, {"type": "openvas", "idList": ["OPENVAS:902179"]}], "modified": "2020-05-12T17:33:19", "rev": 2}, "score": {"value": 4.8, "vector": "NONE", "modified": "2020-05-12T17:33:19", "rev": 2}, "vulnersScore": 4.8}, "pluginID": "1361412562310902179", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Phorum Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.902179\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-05-25 13:56:16 +0200 (Tue, 25 May 2010)\");\n script_cve_id(\"CVE-2010-1629\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Phorum Cross-Site Scripting Vulnerability\");\n script_xref(name:\"URL\", value:\"http://www.facebook.com/note.php?note_id=371190874581\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2010/05/16/2\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2010/05/18/11\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phorum_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"phorum/detected\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary code in\n the context of an application.\");\n\n script_tag(name:\"affected\", value:\"Phorum version prior to 5.2.15.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"solution\", value:\"Upgrade Phorum to 5.2.15 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is running Phorum and is prone to cross-site\n scripting 
vulnerability.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to error in handling email address.\n\n NOTE: Further information is not available.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nphorumPort = http_get_port(default:80);\n\nphorumVer = get_kb_item(string(\"www/\", phorumPort, \"/phorum\"));\nphorumVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:phorumVer);\nif(!phorumVer[1]){\n exit(0);\n}\n\nif(version_is_less(version:phorumVer[1], test_version:\"5.2.15\")){\n report = report_fixed_ver(installed_version:phorumVer[1], fixed_version:\"5.2.15\");\n security_message(port:phorumPort, data:report);\n}\n", "naslFamily": "Web application abuses", "immutableFields": []}
{"cve": [{"lastseen": "2021-04-21T20:54:17", "description": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.", "edition": 7, "cvss3": {}, "published": "2010-05-19T22:30:00", "title": "CVE-2010-1629", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1629"], "modified": "2010-05-26T05:48:00", "cpe": ["cpe:/a:phorum:phorum:5.0.16", "cpe:/a:phorum:phorum:5.0.7_beta", "cpe:/a:phorum:phorum:5.2.2", "cpe:/a:phorum:phorum:5.0.14a", "cpe:/a:phorum:phorum:5.0.19", "cpe:/a:phorum:phorum:5.0.3_beta", "cpe:/a:phorum:phorum:3.4.2", "cpe:/a:phorum:phorum:3.2.3b", "cpe:/a:phorum:phorum:5.0.1_alpha", "cpe:/a:phorum:phorum:5.2.8", "cpe:/a:phorum:phorum:5.2.13", "cpe:/a:phorum:phorum:3.4.1", "cpe:/a:phorum:phorum:5.0.10", "cpe:/a:phorum:phorum:3.2.8", "cpe:/a:phorum:phorum:5.0.11", "cpe:/a:phorum:phorum:3.4.6", "cpe:/a:phorum:phorum:3.2.2", "cpe:/a:phorum:phorum:5.2", "cpe:/a:phorum:phorum:5.0.0_alpha", "cpe:/a:phorum:phorum:5.2.4", "cpe:/a:phorum:phorum:3.1.1_rc2", "cpe:/a:phorum:phorum:5.2.3", "cpe:/a:phorum:phorum:5.0.13a", "cpe:/a:phorum:phorum:3.1.1a", "cpe:/a:phorum:phorum:3.4.8", "cpe:/a:phorum:phorum:5.2.5", "cpe:/a:phorum:phorum:3.2.6", "cpe:/a:phorum:phorum:5.2.1", "cpe:/a:phorum:phorum:3.4.7", "cpe:/a:phorum:phorum:5.2.11", "cpe:/a:phorum:phorum:5.0.15a", "cpe:/a:phorum:phorum:3.1.1", "cpe:/a:phorum:phorum:3.2.3a", "cpe:/a:phorum:phorum:5.0.7a_beta", 
"cpe:/a:phorum:phorum:3.1.2", "cpe:/a:phorum:phorum:5.0.5_beta", "cpe:/a:phorum:phorum:5.0.14", "cpe:/a:phorum:phorum:5.1.13", "cpe:/a:phorum:phorum:5.1.18", "cpe:/a:phorum:phorum:5.0.4a_beta", "cpe:/a:phorum:phorum:5.1.21", "cpe:/a:phorum:phorum:3.1", "cpe:/a:phorum:phorum:3.2.7", "cpe:/a:phorum:phorum:5.0.17", "cpe:/a:phorum:phorum:3.4.3", "cpe:/a:phorum:phorum:3.1.1_pre", "cpe:/a:phorum:phorum:5.0.12", "cpe:/a:phorum:phorum:3.4.4", "cpe:/a:phorum:phorum:5.0.13", "cpe:/a:phorum:phorum:5.0.4_beta", "cpe:/a:phorum:phorum:3.2.5", "cpe:/a:phorum:phorum:3.3.2b3", "cpe:/a:phorum:phorum:5.0.15", "cpe:/a:phorum:phorum:5.2.10", "cpe:/a:phorum:phorum:3.3.2", "cpe:/a:phorum:phorum:5.0.18", "cpe:/a:phorum:phorum:3.4.5", "cpe:/a:phorum:phorum:3.3.2a", "cpe:/a:phorum:phorum:5.1.14", "cpe:/a:phorum:phorum:3.0.7", "cpe:/a:phorum:phorum:3.2.3", "cpe:/a:phorum:phorum:3.2", "cpe:/a:phorum:phorum:5.1.17", "cpe:/a:phorum:phorum:5.0.20", "cpe:/a:phorum:phorum:3.4.8a", "cpe:/a:phorum:phorum:3.4", "cpe:/a:phorum:phorum:4.3.7", "cpe:/a:phorum:phorum:5.0.2_alpha", "cpe:/a:phorum:phorum:5.2.12a", "cpe:/a:phorum:phorum:3.3.1a", "cpe:/a:phorum:phorum:5.2.14", "cpe:/a:phorum:phorum:5.2.12", "cpe:/a:phorum:phorum:5.2.9", "cpe:/a:phorum:phorum:5.0.9", "cpe:/a:phorum:phorum:3.2.4", "cpe:/a:phorum:phorum:5.0.6_beta", "cpe:/a:phorum:phorum:5.1.20", "cpe:/a:phorum:phorum:5.0.8_rc", "cpe:/a:phorum:phorum:5.1.25", "cpe:/a:phorum:phorum:3.3.1", "cpe:/a:phorum:phorum:5.0.17a"], "id": "CVE-2010-1629", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1629", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*", 
"cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*", 
"cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.12a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*", "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:09:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1629"], "description": "This host is running Phorum and is prone to cross-site\n scripting vulnerability.", "modified": "2017-02-23T00:00:00", "published": "2010-05-25T00:00:00", "id": "OPENVAS:902179", "href": "http://plugins.openvas.org/nasl.php?oid=902179", 
"type": "openvas", "title": "Phorum Cross-Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_phorum_xss_vuln.nasl 5401 2017-02-23 09:46:07Z teissa $\n#\n# Phorum Cross-Site Scripting Vulnerability\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_insight = \"The flaw is due to error in handling email address.\n\n NOTE: Further information is not available.\";\n\ntag_impact = \"Successful exploitation will allow attacker to execute arbitrary code in\n the context of an application.\n Impact Level: Application\";\ntag_affected = \"Phorum version prior to 5.2.15\";\ntag_solution = \"Upgrade Phorum to 5.2.15 or later,\n For updates refer to http://www.phorum.org/downloads.php\";\ntag_summary = \"This host is running Phorum and is prone to cross-site\n scripting vulnerability.\";\n\nif(description)\n{\n script_id(902179);\n script_version(\"$Revision: 5401 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-23 10:46:07 +0100 (Thu, 23 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-05-25 13:56:16 +0200 
(Tue, 25 May 2010)\");\n script_cve_id(\"CVE-2010-1629\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Phorum Cross-Site Scripting Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://www.facebook.com/note.php?note_id=371190874581\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2010/05/16/2\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2010/05/18/11\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 SecPod\");\n script_family(\"Web application abuses\");\n script_dependencies(\"phorum_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"insight\" , value : tag_insight);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nphorumPort = get_http_port(default:80);\nif(!phorumPort){\n exit(0);\n}\n\nphorumVer = get_kb_item(string(\"www/\", phorumPort, \"/phorum\"));\nphorumVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:phorumVer);\nif(!phorumVer[1]){\n exit(0);\n}\n\n# Check for Phorum Version < 5.2.15\nif(version_is_less(version:phorumVer[1], test_version:\"5.2.15\")){\n security_message(phorumPort);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}