CVE-2005-0784: XSS
First published: Sun Mar 20 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phorum | =5.0.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-0784?
CVE-2005-0784 is classified as a moderate severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2005-0784?
To fix CVE-2005-0784, upgrade Phorum to version 5.0.15 or later, which addresses the XSS vulnerabilities.
What software versions are affected by CVE-2005-0784?
CVE-2005-0784 affects Phorum version 5.0.14 and earlier.
What types of attacks can CVE-2005-0784 enable?
CVE-2005-0784 can enable remote attackers to execute arbitrary scripts in the context of a user's session through cross-site scripting.
Where does CVE-2005-0784 allow XSS injection?
CVE-2005-0784 allows XSS injection via the subject line in the follow.php script and the user’s personal control panel.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/phorum
- canonical/phorum
- version/phorum/5.0.14