Phorum 3.4.x - 'Message Form' HTML Injection
| EKU-ID: 28055 | CVE: CVE-2003-0283;OSVDB-9194 | OSVDB-ID: |
| Author: WiciU | Published: 2003-05-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28055 | CVE: CVE-2003-0283;OSVDB-9194 | OSVDB-ID: |
| Author: WiciU | Published: 2003-05-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in Phorum. This may be done by including code in message fields before sending a message to the target victim. <<b>script>alert(document.cookie);<<b>/script>