Phorum Unspecified Cross-Site...

Published: 2004-10-26
Revised: 2025-04-13

It is reported that Phorum is prone to a cross-site scripting vulnerability and an SQL injection vulnerability. These issues are due to a failure of the application to properly sanitize user-supplied input. The cross-site scripting issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks. Successful exploitation of the SQL injection vulnerability could result in the compromise of the application, disclosure or modification of data or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These vulnerabilities were reported to affect version 5.0.11, but other versions may also be affected.

No exploit or PoC is currently available.
There are currently 0 affected product entries.