CVE-2005-2836

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php.

Published: Sep 7, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2836
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
phorum / phorum	3.2.2	3.2.2.x
phorum / phorum	5.0.15	5.0.15.x
phorum / phorum	3.1.1_pre	3.1.1_pre.x
phorum / phorum	3.4.6	3.4.6.x
phorum / phorum	3.2.3	3.2.3.x
phorum / phorum	3.2.7	3.2.7.x
phorum / phorum	3.4.3	3.4.3.x
phorum / phorum	3.1.1	3.1.1.x
phorum / phorum	3.2.8	3.2.8.x
phorum / phorum	3.3.1a	3.3.1a.x
phorum / phorum	3.4.4	3.4.4.x
phorum / phorum	5.0.17	5.0.17.x
phorum / phorum	3.3.1	3.3.1.x
phorum / phorum	3.4	3.4.x
phorum / phorum	3.3.2	3.3.2.x
phorum / phorum	3.1.1_rc2	3.1.1_rc2.x
phorum / phorum	4.3.7	4.3.7.x
phorum / phorum	3.1.1a	3.1.1a.x
phorum / phorum	3.4.5	3.4.5.x
phorum / phorum	5.0.12	5.0.12.x
phorum / phorum	3.2.5	3.2.5.x
phorum / phorum	3.2.3a	3.2.3a.x
phorum / phorum	3.2	3.2.x
phorum / phorum	5.0.16	5.0.16.x
phorum / phorum	5.0.10	5.0.10.x
phorum / phorum	3.1.2	3.1.2.x
phorum / phorum	5.0.11	5.0.11.x
phorum / phorum	5.0.14a	5.0.14a.x
phorum / phorum	5.0.9	5.0.9.x
phorum / phorum	3.1	3.1.x
phorum / phorum	5.0.14	5.0.14.x
phorum / phorum	5.0.7_beta	5.0.7_beta.x
phorum / phorum	3.4.2	3.4.2.x
phorum / phorum	3.4.1	3.4.1.x
phorum / phorum	3.4.7	3.4.7.x
phorum / phorum	5.0.3_beta	5.0.3_beta.x
phorum / phorum	3.4.8	3.4.8.x
phorum / phorum	3.2.4	3.2.4.x
phorum / phorum	3.2.3b	3.2.3b.x
phorum / phorum	3.3.2b3	3.3.2b3.x
phorum / phorum	3.3.2a	3.3.2a.x
phorum / phorum	3.2.6	3.2.6.x

Vulnerability Database

290,020

CVE-2005-2836