"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." - Gene Spafford

HIO-2011-0822 Phorum 5.2.16 XSS Vulnerability

Phorum 5.2.16 exhibits a vulnerability which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "real_name" parameter to the control.php script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
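
The class of flaw described above, as an added illustration that is not Phorum's code or the vendor's fix: a hypothetical form renderer that returns a "real_name" value inside an HTML attribute, beside its output-encoded form and a DOM-based regression check. The attribute context, the function names and the sample input are assumptions made for the example.

```php
<?php
// Added illustration; not Phorum source code. All function names are hypothetical.

// Unsafe pattern: the request value is concatenated into markup unchanged,
// so quotes and angle brackets in it are interpreted by the browser.
function render_real_name_unsafe(string $realName): string
{
    return '<input type="text" name="real_name" value="' . $realName . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES encodes both quote styles, which matters inside an attribute.
function render_real_name_safe(string $realName): string
{
    $encoded = htmlspecialchars($realName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="real_name" value="' . $encoded . '">';
}

// Regression check: parse the rendered fragment and confirm it is still
// exactly one <input> element whose value equals the submitted string.
function renders_as_single_input(string $html, string $expected): bool
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $body = $doc->getElementsByTagName('body')->item(0);
    $elementCount = $body->getElementsByTagName('*')->length;
    $inputs = $body->getElementsByTagName('input');

    return $elementCount === 1
        && $inputs->length === 1
        && $inputs->item(0)->getAttribute('value') === $expected;
}

// Constructed test input: harmless markup that breaks out of the attribute
// when it is not encoded.
$sample = '"><b>constructed</b>';

foreach (['unsafe' => 'render_real_name_unsafe', 'safe' => 'render_real_name_safe'] as $label => $fn) {
    $ok = renders_as_single_input($fn($sample), $sample);
    echo $label . ': ' . ($ok ? 'value stayed inside the attribute' : 'markup escaped the attribute') . PHP_EOL;
}
```

The same check can be pointed at the rendered profile form of an upgraded installation to confirm that a submitted value is returned as data rather than markup.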

References:

CVE-2010-pending

BID:

OSVDB:

SA: 45787

XF: 

Related: 

Vendor Solution:

Update to version 5.2.17
