Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
2003-12-31T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | * | No |
| Operating System | microsoft | all_windows | * | No |
| Operating System | unix | unix | any_version | No |
| Application | phorum | phorum | ≤ 3.4.2 | Yes |
| Application | phorum | phorum | 3.4 | Yes |
| Application | phorum | phorum | 3.4.1 | Yes |