First published: Wed Apr 25 2007(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Phorum Phorum | <=5.1.21 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.