Input passed to the Location parameter in Phorum version 5.0.14a is not properly sanitized. This can be exploited to inject malicious characters into HTTP headers and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
717c3533128917404f046aa6d2d00c0f269bac8b897ff6f47041d8595c04742aMultiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.
3883551b72d84d43a2a3267c598f7a044bcfcc697816708e9381717b65e1842b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed