Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phorum多个跨站脚本漏洞
Vulnerability Description
Phorum是一个基于PHP+MySQL开发的开源论坛项目。它的特点是速度快,功能强大,面向模块化设计,安装简单。此外Phorum还集成电子报。 Phorum 5.0.17a 及以前版本中的多个跨站脚本(XSS)漏洞允许远程攻击者通过以下方式注入任意 web 脚本: (1)通过用户名参数向 register.php 文件注入; (2)通过"我的控制中心"中登录用户签字,这是由于 control.php 没有正确操作。
CVSS Information
N/A
Vulnerability Type
N/A