CVE-2004-1822
published 2004-03-15
CVE-2004-1822: Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1)…
Priority: P418, medium, 4.3 (CVSS 2.0)
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.52% (82.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
Affected
29 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phorum | phorum | — | — |
No detection rules found.
Exploit-DB
Phorum 3.x - 'profile.php?target' Cross-Site Scripting
exploitdb·2004-03-15
---
source: https://www.securityfocus.com/bid/9882/info
It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidden variables named 'f' and 'target', which are passed user-supplied input values from HTTP_REFERER without proper sanitization.
Phorum versions 5.0.3 Beta and prior are reported to be vulnerable to this issue.
profile.php?id=2&action=edit&target=[XSS]
Exploit-DB
Phorum 3.x - 'login.php' HTTP_REFERER Cross-Site Scripting
exploitdb·2004-03-15
---
source: https://www.securityfocus.com/bid/9882/info
login.php?HTTP_REFERER=[XSS]
Exploit-DB
Phorum 3.x - 'register.php' HTTP_REFERER Cross-Site Scripting
exploitdb·2004-03-15
---
source: https://www.securityfocus.com/bid/9882/info
register.php?&HTTP_REFERER=[XSS]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=107939479713136&w=2
http://phorum.org/changelog.txt
http://secunia.com/advisories/11157
http://securitytracker.com/id?1009433
http://www.osvdb.org/4333
http://www.osvdb.org/4334
http://www.osvdb.org/4335
http://www.securityfocus.com/bid/9882
https://exchange.xforce.ibmcloud.com/vulnerabilities/15494
2004-03-15
Published