CVE Tools

phorum

Web & CMS Pluginsoss-project

50

Cumulative CVEs

18

Monthly snapshots

#6

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting phorum.

CVE-2011-3622A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.6.1Jan 22, 2020
CVE-2012-6659Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.4.3Sep 19, 2014
CVE-2012-4234Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML vi...4.3Sep 4, 2014
CVE-2011-4561Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these deta...4.3Nov 28, 2011
CVE-2011-3768Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and c...5.0Sep 24, 2011
CVE-2011-3392Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.4.3Sep 8, 2011
CVE-2011-3382Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Sep 8, 2011
CVE-2011-3381Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.6.8Sep 8, 2011
CVE-2010-1629Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.4.3May 19, 2010
CVE-2009-0488Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Feb 9, 2009
CVE-2008-4513Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.4.3Oct 9, 2008
CVE-2008-1486SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.6.8Mar 24, 2008
CVE-2002-2340Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.4.3Oct 29, 2007
CVE-2003-1487Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program...10.0Oct 24, 2007
CVE-2003-1486Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) ...5.0Oct 24, 2007