Phorum Security Vulnerabilities and Issues — Page 2 of Phorum CVE List

Lucene search

PhorumPhorum

56 matches found

CVE•added 2009/02/09 8:30 p.m.•32 views

CVE-2009-0488

Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00225EPSS

CVE•added 2011/09/08 6:55 p.m.•32 views

CVE-2011-3382

Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3CVSS5.8AI score0.00254EPSS

CVE•added 2011/09/24 12:55 a.m.•32 views

CVE-2011-3768

Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.

5CVSS6.3AI score0.00319EPSS

CVE•added 2007/10/24 11:0 p.m.•31 views

CVE-2003-1487

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

10CVSS8.1AI score0.06448EPSS

CVE•added 2005/05/10 4:0 a.m.•31 views

CVE-2004-1822

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

4.3CVSS6AI score0.01301EPSS

CVE•added 2008/03/24 11:44 p.m.•31 views

CVE-2008-1486

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

6.8CVSS8.4AI score0.00371EPSS

Total number of security vulnerabilities56