Phorum 3.4 Email Subject Line Script Injection Vulnerability

2014-07-01T00:00:00
ID SSV:76253
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/7262/info

It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line (or other fields) before sending an email to the target victim. 

"><script>alert("Vulnerable");</script>