Search criteria
170 vulnerabilities found for phorum by phorum
FKIE_CVE-2011-3622
Vulnerability from fkie_nvd - Published: 2020-01-22 20:15 - Updated: 2024-11-21 01:30
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4777669E-4561-4BF5-858D-26417715EB8B",
"versionEndExcluding": "5.2.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de Cross-Site Scripting (XSS) en la pantalla de inicio de sesi\u00f3n del administrador en Phorum versiones anteriores a 5.2.18."
}
],
"id": "CVE-2011-3622",
"lastModified": "2024-11-21T01:30:52.113",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-22T20:15:11.033",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"source": "secalert@redhat.com",
"url": "https://www.phorum.org/phorum5/read.php?64%2C149588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.phorum.org/phorum5/read.php?64%2C149588"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6659
Vulnerability from fkie_nvd - Published: 2014-09-19 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phorum | phorum | * | |
| phorum | phorum | 5.2 | |
| phorum | phorum | 5.2.1 | |
| phorum | phorum | 5.2.2 | |
| phorum | phorum | 5.2.3 | |
| phorum | phorum | 5.2.4 | |
| phorum | phorum | 5.2.5 | |
| phorum | phorum | 5.2.6 | |
| phorum | phorum | 5.2.7 | |
| phorum | phorum | 5.2.8 | |
| phorum | phorum | 5.2.9 | |
| phorum | phorum | 5.2.10 | |
| phorum | phorum | 5.2.10 | |
| phorum | phorum | 5.2.11 | |
| phorum | phorum | 5.2.12 | |
| phorum | phorum | 5.2.12 | |
| phorum | phorum | 5.2.13 | |
| phorum | phorum | 5.2.14 | |
| phorum | phorum | 5.2.15 | |
| phorum | phorum | 5.2.15 | |
| phorum | phorum | 5.2.16 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7658DEE-525F-4A02-9577-4830FFE9CB1F",
"versionEndIncluding": "5.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE61C7-E1DD-4DA9-B433-0C698C482C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A29F39E2-B0F1-483C-AFD5-9E95EEFBA8C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "13E5E276-4567-4897-A663-496A7E1AD2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5E063A-F59F-4CEB-9950-2FE8D25FF9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A35F3F-6BBF-4B84-AE19-870F03C1E9DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90FC064F-B462-47F8-880F-CB26A340477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D083445E-48ED-4666-98A8-932B01A0F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A79911F1-C1C3-4DD1-BA37-AFC77D7B0D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2200E549-30F8-4803-A570-FBF08B97B7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:a:*:*:*:*:*:*",
"matchCriteriaId": "A94B0DAF-C8AC-483F-A280-CCF4B6D17BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9876C40-4537-4622-90D5-175AB59609D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51638139-DB4F-4B8C-B125-1FE9AFC86B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6362BDF1-A90C-40A8-A80C-024788426315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.15:a:*:*:*:*:*:*",
"matchCriteriaId": "211355E8-5707-4873-AE47-26DFE6061725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "61C297BC-DF74-42FD-957B-6130AEAA3A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la interfaz de administraci\u00f3n en Phorum anterior a 5.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2012-6659",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-19T14:55:07.227",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50445"
},
{
"source": "cve@mitre.org",
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4234
Vulnerability from fkie_nvd - Published: 2014-09-04 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7658DEE-525F-4A02-9577-4830FFE9CB1F",
"versionEndIncluding": "5.2.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90FC064F-B462-47F8-880F-CB26A340477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D083445E-48ED-4666-98A8-932B01A0F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A79911F1-C1C3-4DD1-BA37-AFC77D7B0D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2200E549-30F8-4803-A570-FBF08B97B7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:a:*:*:*:*:*:*",
"matchCriteriaId": "A94B0DAF-C8AC-483F-A280-CCF4B6D17BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9876C40-4537-4622-90D5-175AB59609D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51638139-DB4F-4B8C-B125-1FE9AFC86B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6362BDF1-A90C-40A8-A80C-024788426315",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.15:a:*:*:*:*:*:*",
"matchCriteriaId": "211355E8-5707-4873-AE47-26DFE6061725",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "61C297BC-DF74-42FD-957B-6130AEAA3A04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la pantalla de la moderaci\u00f3n de grupos en el centro de control (control.php) en Phorum anterior a 5.2.19 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro group."
}
],
"id": "CVE-2012-4234",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-09-04T14:55:09.600",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50445"
},
{
"source": "cve@mitre.org",
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/55275"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50445"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/55275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23109"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4561
Vulnerability from fkie_nvd - Published: 2011-11-28 21:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "02F08F6E-DDAB-40BD-9C60-80567C67F92D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en admin.php en Phorum v5.2.18 permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s de la variable PATH_INFO para admin/index.php. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros."
}
],
"id": "CVE-2011-4561",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-28T21:55:08.497",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/76026"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46282"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/76026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49920"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3768
Vulnerability from fkie_nvd - Published: 2011-09-24 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2F9B2A-BECA-4EE9-BDDA-4FE27CB8AE37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files."
},
{
"lang": "es",
"value": "Phorum v5.2.15a permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de una petici\u00f3n directa a un archivo .php, lo que revela la ruta de instalaci\u00f3n en un mensaje de error, como se demostr\u00f3 con css.php y algunos otros archivos."
}
],
"id": "CVE-2011-3768",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-24T00:55:01.990",
"references": [
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "cve@mitre.org",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3392
Vulnerability from fkie_nvd - Published: 2011-09-08 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "58668B6C-0B5A-416B-9CCB-27BA3885A32D",
"versionEndIncluding": "5.2.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "740F974F-D679-472C-966A-3E4C334E3C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
"matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E532A66-A12D-48DD-B405-2345E5B715C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE61C7-E1DD-4DA9-B433-0C698C482C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5E063A-F59F-4CEB-9950-2FE8D25FF9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A35F3F-6BBF-4B84-AE19-870F03C1E9DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90FC064F-B462-47F8-880F-CB26A340477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D083445E-48ED-4666-98A8-932B01A0F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A79911F1-C1C3-4DD1-BA37-AFC77D7B0D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2200E549-30F8-4803-A570-FBF08B97B7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "2798D56A-BEBC-4EC0-ACA3-D0B9E8E4D61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9876C40-4537-4622-90D5-175AB59609D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51638139-DB4F-4B8C-B125-1FE9AFC86B21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6362BDF1-A90C-40A8-A80C-024788426315",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en control.php en controlcenter en Phorum antes de v5.2.17, permite a atacantes remotos ejecutar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro real_name."
}
],
"id": "CVE-2011-3392",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-08T18:55:06.737",
"references": [
{
"source": "cve@mitre.org",
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45787"
},
{
"source": "cve@mitre.org",
"url": "http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/49347"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45787"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3381
Vulnerability from fkie_nvd - Published: 2011-09-08 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38B3FD6E-D73A-4018-B4D5-158C0B288B1B",
"versionEndIncluding": "5.2.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "740F974F-D679-472C-966A-3E4C334E3C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
"matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E532A66-A12D-48DD-B405-2345E5B715C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE61C7-E1DD-4DA9-B433-0C698C482C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5E063A-F59F-4CEB-9950-2FE8D25FF9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A35F3F-6BBF-4B84-AE19-870F03C1E9DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90FC064F-B462-47F8-880F-CB26A340477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D083445E-48ED-4666-98A8-932B01A0F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A79911F1-C1C3-4DD1-BA37-AFC77D7B0D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2200E549-30F8-4803-A570-FBF08B97B7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "2798D56A-BEBC-4EC0-ACA3-D0B9E8E4D61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9876C40-4537-4622-90D5-175AB59609D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51638139-DB4F-4B8C-B125-1FE9AFC86B21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Phorum antes de v5.2.16 permite a atacantes remotos secuestrar la autenticaci\u00f3n de victimas no especificadas a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2011-3381",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-08T18:55:01.677",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3382
Vulnerability from fkie_nvd - Published: 2011-09-08 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38B3FD6E-D73A-4018-B4D5-158C0B288B1B",
"versionEndIncluding": "5.2.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "740F974F-D679-472C-966A-3E4C334E3C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
"matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E532A66-A12D-48DD-B405-2345E5B715C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE61C7-E1DD-4DA9-B433-0C698C482C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5E063A-F59F-4CEB-9950-2FE8D25FF9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A35F3F-6BBF-4B84-AE19-870F03C1E9DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90FC064F-B462-47F8-880F-CB26A340477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D083445E-48ED-4666-98A8-932B01A0F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A79911F1-C1C3-4DD1-BA37-AFC77D7B0D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2200E549-30F8-4803-A570-FBF08B97B7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "2798D56A-BEBC-4EC0-ACA3-D0B9E8E4D61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9876C40-4537-4622-90D5-175AB59609D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "51638139-DB4F-4B8C-B125-1FE9AFC86B21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Phorum antes de v5.2.16, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-3382",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-08T18:55:01.723",
"references": [
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1629
Vulnerability from fkie_nvd - Published: 2010-05-19 22:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C90EF87-C07F-453B-880A-36F31CC9B9E4",
"versionEndIncluding": "5.2.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "740F974F-D679-472C-966A-3E4C334E3C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
"matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E532A66-A12D-48DD-B405-2345E5B715C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE61C7-E1DD-4DA9-B433-0C698C482C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5E063A-F59F-4CEB-9950-2FE8D25FF9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A35F3F-6BBF-4B84-AE19-870F03C1E9DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "90FC064F-B462-47F8-880F-CB26A340477E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D083445E-48ED-4666-98A8-932B01A0F9B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "A79911F1-C1C3-4DD1-BA37-AFC77D7B0D90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "2200E549-30F8-4803-A570-FBF08B97B7CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.12a:*:*:*:*:*:*:*",
"matchCriteriaId": "2798D56A-BEBC-4EC0-ACA3-D0B9E8E4D61D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D9876C40-4537-4622-90D5-175AB59609D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en versiones de Phorum anteriores a la v5.2.15, permite a atacantes remotos inyectar c\u00f3digo web o HTML de su elecci\u00f3n a trav\u00e9s de una direcci\u00f3n de correo inv\u00e1lida."
}
],
"id": "CVE-2010-1629",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-19T22:30:01.020",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/64759"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/64759"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0488
Vulnerability from fkie_nvd - Published: 2009-02-09 20:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:phorum:phorum:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2536ED84-80A0-44D3-B16C-DBF47B901C8D",
"versionEndIncluding": "5.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "740F974F-D679-472C-966A-3E4C334E3C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
"matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
"matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
"matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1E532A66-A12D-48DD-B405-2345E5B715C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "26E2C5A7-8B52-4BDF-80F1-5D45AEBE6E25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "0E8DF602-0A22-45A9-A286-C237180701C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*",
"matchCriteriaId": "AB109C36-BF0F-41E3-A1F4-0DB264BD4A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "E87DE16C-7C68-4DA8-9BD9-C61D74E61D6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "5001527E-FE93-4BE7-BF79-7717D64CAF2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D15ED599-6B84-4E03-8BA4-36E1D55F1F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "D491A2B9-949A-4A56-A41F-23A222C03BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "EC73A23F-2399-41B0-B6BD-289DF63F2C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*",
"matchCriteriaId": "AD59DD99-1FC7-498B-9EA1-1AA8FE132EEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*",
"matchCriteriaId": "1A26F8E5-0FFE-473D-BDA1-2D5340B5A4A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D0F7C4-902D-4186-8EFF-3876D6D6633E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "6F87C476-6A55-4B19-97B0-24204E96A63E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
"matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "17D0AC3E-97F7-4A13-8E65-7E424D055E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
"matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "C365D62D-ACB1-44D3-935D-F79A79642684",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F4B45305-FF8B-42F8-A726-F8604BADC323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "70F4AB87-2D63-4208-8982-BBF978392285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "149A6B5A-84FC-4B6F-B053-0AC881BC03D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "375346D4-CEA4-4BAE-83DF-639E86C3DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3C6E0429-3241-47B0-B853-66D3167CE4F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "121F0F96-F901-479F-A64F-3DAE1AC0AFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "F837829B-28E5-41B3-9A23-C4D4A7FE636A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "700B9165-B956-4CAB-B980-42885FFA418F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C4E79D-EBE6-456C-A74F-B94F32736383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D3596808-8399-4EA9-B885-5443CA91C3C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*",
"matchCriteriaId": "B5409C8A-8B57-48FB-B01E-411C00153E9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "74DB422C-E79C-46B2-BB52-8C457822A0BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "37881B2C-0CD0-4E2A-A11D-9758772640E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "66BE61C7-E1DD-4DA9-B433-0C698C482C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FB5E063A-F59F-4CEB-9950-2FE8D25FF9FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A35F3F-6BBF-4B84-AE19-870F03C1E9DC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Phorum anterior a v5.2.10 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores sin especificar."
}
],
"id": "CVE-2009-0488",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-02-09T20:30:02.750",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.phorum.org/phorum5/read.php?64%2C136129"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/33657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.phorum.org/phorum5/read.php?64%2C136129"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/33657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-3622 (GCVE-0-2011-3622)
Vulnerability from cvelistv5 – Published: 2020-01-22 19:48 – Updated: 2024-08-06 23:37
VLAI?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phorum.org/phorum5/read.php?64%2C149588"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phorum",
"vendor": "Phorum",
"versions": [
{
"status": "affected",
"version": "before 5.2.18"
}
]
}
],
"datePublic": "2011-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T19:48:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phorum.org/phorum5/read.php?64%2C149588"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phorum",
"version": {
"version_data": [
{
"version_value": "before 5.2.18"
}
]
}
}
]
},
"vendor_name": "Phorum"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/10/18/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"name": "https://www.phorum.org/phorum5/read.php?64,149588",
"refsource": "MISC",
"url": "https://www.phorum.org/phorum5/read.php?64,149588"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3622",
"datePublished": "2020-01-22T19:48:47",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6659 (GCVE-0-2012-6659)
Vulnerability from cvelistv5 – Published: 2014-09-19 14:00 – Updated: 2024-09-17 04:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-19T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50445"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,151943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6659",
"datePublished": "2014-09-19T14:00:00Z",
"dateReserved": "2014-09-19T00:00:00Z",
"dateUpdated": "2024-09-17T04:19:39.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4234 (GCVE-0-2012-4234)
Vulnerability from cvelistv5 – Published: 2014-09-04 14:00 – Updated: 2024-08-06 20:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:28:07.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23109",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"name": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,151943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4234",
"datePublished": "2014-09-04T14:00:00",
"dateReserved": "2012-08-09T00:00:00",
"dateUpdated": "2024-08-06T20:28:07.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4561 (GCVE-0-2011-4561)
Vulnerability from cvelistv5 – Published: 2011-11-28 21:00 – Updated: 2024-08-07 00:09
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49920",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49920"
},
{
"name": "76026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"name": "46282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "49920",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49920"
},
{
"name": "76026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"name": "46282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49920"
},
{
"name": "76026",
"refsource": "OSVDB",
"url": "http://osvdb.org/76026"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"name": "46282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4561",
"datePublished": "2011-11-28T21:00:00",
"dateReserved": "2011-11-28T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3768 (GCVE-0-2011-3768)
Vulnerability from cvelistv5 – Published: 2011-09-24 00:00 – Updated: 2024-08-06 23:46
VLAI?
Summary
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phorum-css-path-disclosure(70604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phorum-css-path-disclosure(70604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phorum-css-path-disclosure(70604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3768",
"datePublished": "2011-09-24T00:00:00",
"dateReserved": "2011-09-23T00:00:00",
"dateUpdated": "2024-08-06T23:46:02.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3392 (GCVE-0-2011-3392)
Vulnerability from cvelistv5 – Published: 2011-09-08 18:00 – Updated: 2024-08-06 23:29
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"name": "phorum-control-xss(69456)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"name": "49347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49347"
},
{
"name": "45787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"name": "phorum-control-xss(69456)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"name": "49347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49347"
},
{
"name": "45787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/184/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"name": "phorum-control-xss(69456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"name": "49347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49347"
},
{
"name": "45787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45787"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,149490,149490#msg-149490",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,149490,149490#msg-149490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3392",
"datePublished": "2011-09-08T18:00:00",
"dateReserved": "2011-09-08T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3381 (GCVE-0-2011-3381)
Vulnerability from cvelistv5 – Published: 2011-09-08 18:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-08T18:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71435255",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,147504",
"refsource": "MISC",
"url": "http://www.phorum.org/phorum5/read.php?64,147504"
},
{
"name": "JVNDB-2011-000068",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3381",
"datePublished": "2011-09-08T18:00:00Z",
"dateReserved": "2011-09-01T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:05.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3382 (GCVE-0-2011-3382)
Vulnerability from cvelistv5 – Published: 2011-09-08 18:00 – Updated: 2024-09-16 22:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-08T18:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71435255",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,147504",
"refsource": "MISC",
"url": "http://www.phorum.org/phorum5/read.php?64,147504"
},
{
"name": "JVNDB-2011-000068",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3382",
"datePublished": "2011-09-08T18:00:00Z",
"dateReserved": "2011-09-01T00:00:00Z",
"dateUpdated": "2024-09-16T22:20:49.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1629 (GCVE-0-2010-1629)
Vulnerability from cvelistv5 – Published: 2010-05-19 22:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:42.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100518 Re: CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"name": "[oss-security] 20100517 CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"name": "64759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100518 Re: CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"name": "[oss-security] 20100517 CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"name": "64759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100518 Re: CVE request: phorum \u003c 5.2.15 backend XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"name": "[oss-security] 20100517 CVE request: phorum \u003c 5.2.15 backend XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"name": "http://www.facebook.com/note.php?note_id=371190874581",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"name": "64759",
"refsource": "OSVDB",
"url": "http://osvdb.org/64759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1629",
"datePublished": "2010-05-19T22:00:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:42.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0488 (GCVE-0-2009-0488)
Vulnerability from cvelistv5 – Published: 2009-02-09 20:00 – Updated: 2024-08-07 04:40
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:03.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "33657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C136129"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-01-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-02-17T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "33657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C136129"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33657"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,136129",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,136129"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0488",
"datePublished": "2009-02-09T20:00:00",
"dateReserved": "2009-02-09T00:00:00",
"dateUpdated": "2024-08-07T04:40:03.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3622 (GCVE-0-2011-3622)
Vulnerability from nvd – Published: 2020-01-22 19:48 – Updated: 2024-08-06 23:37
VLAI?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.phorum.org/phorum5/read.php?64%2C149588"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Phorum",
"vendor": "Phorum",
"versions": [
{
"status": "affected",
"version": "before 5.2.18"
}
]
}
],
"datePublic": "2011-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-22T19:48:47",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.phorum.org/phorum5/read.php?64%2C149588"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Phorum",
"version": {
"version_data": [
{
"version_value": "before 5.2.18"
}
]
}
}
]
},
"vendor_name": "Phorum"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openwall.com/lists/oss-security/2011/10/18/9",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/10/18/9"
},
{
"name": "https://www.phorum.org/phorum5/read.php?64,149588",
"refsource": "MISC",
"url": "https://www.phorum.org/phorum5/read.php?64,149588"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3622",
"datePublished": "2020-01-22T19:48:47",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6659 (GCVE-0-2012-6659)
Vulnerability from nvd – Published: 2014-09-19 14:00 – Updated: 2024-09-17 04:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.048Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50445"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-09-19T14:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50445"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50445"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,151943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6659",
"datePublished": "2014-09-19T14:00:00Z",
"dateReserved": "2014-09-19T00:00:00Z",
"dateUpdated": "2024-09-17T04:19:39.204Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4234 (GCVE-0-2012-4234)
Vulnerability from nvd – Published: 2014-09-04 14:00 – Updated: 2024-08-06 20:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:28:07.741Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C151943"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120829 Cross-Site Scripting (XSS) in Phorum",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-08/0189.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23109",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23109"
},
{
"name": "50445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50445"
},
{
"name": "55275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55275"
},
{
"name": "phorum-group-xss(78124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78124"
},
{
"name": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/116057/Phorum-5.2.18-Cross-Site-Scripting.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,151943"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4234",
"datePublished": "2014-09-04T14:00:00",
"dateReserved": "2012-08-09T00:00:00",
"dateUpdated": "2024-08-06T20:28:07.741Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4561 (GCVE-0-2011-4561)
Vulnerability from nvd – Published: 2011-11-28 21:00 – Updated: 2024-08-07 00:09
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.944Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49920",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49920"
},
{
"name": "76026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76026"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"name": "46282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "49920",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49920"
},
{
"name": "76026",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76026"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"name": "46282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49920"
},
{
"name": "76026",
"refsource": "OSVDB",
"url": "http://osvdb.org/76026"
},
{
"name": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt",
"refsource": "MISC",
"url": "http://www.rul3z.de/advisories/SSCHADV2011-023.txt"
},
{
"name": "20111003 Phorum 5.2.18 Cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/519991/100/0/threaded"
},
{
"name": "46282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4561",
"datePublished": "2011-11-28T21:00:00",
"dateReserved": "2011-11-28T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.944Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3768 (GCVE-0-2011-3768)
Vulnerability from nvd – Published: 2011-09-24 00:00 – Updated: 2024-08-06 23:46
VLAI?
Summary
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:02.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "phorum-css-path-disclosure(70604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "phorum-css-path-disclosure(70604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phorum-css-path-disclosure(70604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70604"
},
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phorum-5.2.15a"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3768",
"datePublished": "2011-09-24T00:00:00",
"dateReserved": "2011-09-23T00:00:00",
"dateUpdated": "2024-08-06T23:46:02.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3392 (GCVE-0-2011-3392)
Vulnerability from nvd – Published: 2011-09-08 18:00 – Updated: 2024-08-06 23:29
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.896Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"name": "phorum-control-xss(69456)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"name": "49347",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49347"
},
{
"name": "45787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45787"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"name": "phorum-control-xss(69456)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"name": "49347",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49347"
},
{
"name": "45787",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45787"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C149490%2C149490#msg-149490"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://holisticinfosec.org/content/view/184/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/184/45/"
},
{
"name": "phorum-control-xss(69456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69456"
},
{
"name": "49347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49347"
},
{
"name": "45787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45787"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,149490,149490#msg-149490",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,149490,149490#msg-149490"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3392",
"datePublished": "2011-09-08T18:00:00",
"dateReserved": "2011-09-08T00:00:00",
"dateUpdated": "2024-08-06T23:29:56.896Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3381 (GCVE-0-2011-3381)
Vulnerability from nvd – Published: 2011-09-08 18:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-08T18:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71435255",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,147504",
"refsource": "MISC",
"url": "http://www.phorum.org/phorum5/read.php?64,147504"
},
{
"name": "JVNDB-2011-000068",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3381",
"datePublished": "2011-09-08T18:00:00Z",
"dateReserved": "2011-09-01T00:00:00Z",
"dateUpdated": "2024-09-16T22:25:05.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3382 (GCVE-0-2011-3382)
Vulnerability from nvd – Published: 2011-09-08 18:00 – Updated: 2024-09-16 22:20
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:56.880Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-08T18:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#71435255",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.phorum.org/phorum5/read.php?64%2C147504"
},
{
"name": "JVNDB-2011-000068",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71435255",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN71435255/index.html"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,147504",
"refsource": "MISC",
"url": "http://www.phorum.org/phorum5/read.php?64,147504"
},
{
"name": "JVNDB-2011-000068",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2011-3382",
"datePublished": "2011-09-08T18:00:00Z",
"dateReserved": "2011-09-01T00:00:00Z",
"dateUpdated": "2024-09-16T22:20:49.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1629 (GCVE-0-2010-1629)
Vulnerability from nvd – Published: 2010-05-19 22:00 – Updated: 2024-08-07 01:28
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:28:42.109Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20100518 Re: CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"name": "[oss-security] 20100517 CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"name": "64759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/64759"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-04-30T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20100518 Re: CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"name": "[oss-security] 20100517 CVE request: phorum \u003c 5.2.15 backend XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"name": "64759",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/64759"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-1629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20100518 Re: CVE request: phorum \u003c 5.2.15 backend XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/18/11"
},
{
"name": "[oss-security] 20100517 CVE request: phorum \u003c 5.2.15 backend XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/05/16/2"
},
{
"name": "http://www.facebook.com/note.php?note_id=371190874581",
"refsource": "CONFIRM",
"url": "http://www.facebook.com/note.php?note_id=371190874581"
},
{
"name": "64759",
"refsource": "OSVDB",
"url": "http://osvdb.org/64759"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-1629",
"datePublished": "2010-05-19T22:00:00",
"dateReserved": "2010-04-29T00:00:00",
"dateUpdated": "2024-08-07T01:28:42.109Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2011-000068
Vulnerability from jvndb - Published: 2011-09-02 19:11 - Updated:2011-09-02 19:11Summary
Multiple vulnerabilities in Phorum
Details
Phorum contains multiple vulnerabilities.
Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities.
Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
|
|
||
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000068.html",
"dc:date": "2011-09-02T19:11+09:00",
"dcterms:issued": "2011-09-02T19:11+09:00",
"dcterms:modified": "2011-09-02T19:11+09:00",
"description": "Phorum contains multiple vulnerabilities.\r\n\r\nPhorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities.\r\n\r\nDaiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000068.html",
"sec:cpe": {
"#text": "cpe:/a:phorum:phorum",
"@product": "Phorum",
"@vendor": "Phorum",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2011-000068",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN71435255/index.html",
"@id": "JVN#71435255",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3381",
"@id": "CVE-2011-3381",
"@source": "CVE"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3382",
"@id": "CVE-2011-3382",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3381",
"@id": "CVE-2011-3381",
"@source": "NVD"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3382",
"@id": "CVE-2011-3382",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple vulnerabilities in Phorum"
}