| Field | Value |
| --- | --- |
| VID | 21335 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The Phorum software is vulnerable to cross-site scripting in the search.php script. Phorum is a PHP-based Web forum package for multiple operating systems. Phorum version 5.0.7 beta is vulnerable to cross-site scripting caused by improper validation of user-supplied input in the subject field of the search.php script. A remote attacker could create a specially crafted URL that, when loaded by a target user, would cause arbitrary scripting code to be executed by the target user's browser. An attacker could exploit this vulnerability to steal the victim's cookie-based authentication credentials. References: http://www.securitytracker.com/alerts/2004/Jul/1010787.html. Platforms Affected: Phorum.org, Phorum 5.0.7 beta; Unix: Any version; Linux: Any version; Microsoft Windows: Any version. |
| Recommendation | No upgrade or patch available as of August 2004. Upgrade to the latest version of Phorum when a new fixed version (6.24 or later) becomes available from the Phorum Web site at http://phorum.org/ |
| Related URL | CVE-2004-2242 (CVE) |
| Related URL | 10822 (SecurityFocus) |
| Related URL | 16831 (ISS) |