Phorum 3.4 - Email Subject Line Script Injection
| EKU-ID: 27930 | CVE: | OSVDB-ID: |
| Author: peter | Published: 2003-04-02 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27930 | CVE: | OSVDB-ID: |
| Author: peter | Published: 2003-04-02 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7262/info
It has been reported that it is possible to inject script code into the subject of a message in Phorum. This may be done by constructing a malicious subject line (or other fields) before sending an email to the target victim.
"><script>alert("Vulnerable");</script>