It has been reported that ProjectForum may be prone to an HTML injection vulnerability that may allow a remote attacker to execute HTML and script code in a user's browser. The problem is reported to stem from improper sanitization of user-supplied data in the administrator login page, the find function, and the error page. ProjectForum versions 8.4.2.1 and prior have been reported to be prone to this issue. It has also been reported that CourseForum, a similar application that uses the same engine as ProjectForum, is vulnerable to these attacks. Specific versions of the software have not been identified; this BID will be updated as more information becomes available.
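The class of flaw described above, shown as an added example (not ProjectForum or CourseForum code): three hypothetical templates stand in for the login page, the find function and the error page, each rendered with and without output encoding, and a parser-based check counts how many elements a harmless constructed probe manages to inject. The template markup, field names and probe string are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed, harmless probe: closes an attribute value and adds a marked element.
PROBE = '"><b id=probe>x</b>'

# Hypothetical templates for the three reflection points the advisory names.
TEMPLATES = {
    "login": '<form><input name="user" value="{v}">'
             '<input type="password" name="pw"></form>',
    "find": '<form><input name="q" value="{v}"></form>'
            '<p>No pages match {v}</p>',
    "error": '<h1>Error</h1><p>Page not found: {v}</p>',
}


def render(page, value, encode=True):
    """Reflect a user-supplied value into a page, optionally HTML-encoding it."""
    # quote=True also encodes " and ', which matters in the attribute context.
    shown = html.escape(value, quote=True) if encode else value
    return TEMPLATES[page].format(v=shown)


class ProbeFinder(HTMLParser):
    """Counts elements the parser builds from the probe (id=probe)."""

    def __init__(self):
        super().__init__()
        self.hits = 0

    def handle_starttag(self, tag, attrs):
        if ("id", "probe") in attrs:
            self.hits += 1


def injected_elements(markup):
    """Return how many probe elements a parser sees in the rendered markup."""
    finder = ProbeFinder()
    finder.feed(markup)
    finder.close()
    return finder.hits


def audit():
    """Map each page to (elements injected unencoded, elements injected encoded)."""
    return {
        page: (injected_elements(render(page, PROBE, encode=False)),
               injected_elements(render(page, PROBE, encode=True)))
        for page in TEMPLATES
    }


if __name__ == "__main__":
    for page, (raw, encoded) in audit().items():
        print(f"{page}: unencoded={raw} encoded={encoded}")
```

Checking the parsed result rather than searching for the raw string keeps the test valid when a page encodes input in one context but not another, as in the find template, where the same value appears in both an attribute and body text.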