Input passed to the Location parameter in Phorum version 5.0.14a is not properly sanitized. This can be exploited to inject malicious characters into HTTP headers and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
717c3533128917404f046aa6d2d00c0f269bac8b897ff6f47041d8595c04742a
Multiple vulnerabilities were found in the GoSmart Message Board. A remote user can conduct SQL injection and cross site scripting attacks. Exploitation examples provided.
3883551b72d84d43a2a3267c598f7a044bcfcc697816708e9381717b65e1842b