Input passed to the Location parameter in Phorum version 5.0.14a is not properly sanitized. This can be exploited to inject malicious characters into HTTP headers and may allow execution of arbitrary HTML and script code in a user's browser session in context of an affected site.
717c3533128917404f046aa6d2d00c0f269bac8b897ff6f47041d8595c04742a