CVE-2004-2242

Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://phorum.org/cvs-changelog-5.txt
http://securitytracker.com/id?1010787	Exploit
http://www.securityfocus.com/bid/10822	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/16831
http://phorum.org/cvs-changelog-5.txt
http://securitytracker.com/id?1010787	Exploit
http://www.securityfocus.com/bid/10822	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/16831

Configurations

Configuration 1 (hide)

cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-2242

Mitre link : CVE-2004-2242

CVE.ORG link : CVE-2004-2242

JSON object : View

Products Affected

phorum

phorum

CWE

NVD-CWE-Other

4.3 /10