CVE-2011-3392

Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.

Published: Sep 8, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-3392
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
phorum / phorum	5.2.10-rc1	5.2.10-rc1.x
phorum / phorum	3.2.2	3.2.2.x
phorum / phorum	5.0.15	5.0.15.x
phorum / phorum	3.1.1_pre	3.1.1_pre.x
phorum / phorum	5.2.5	5.2.5.x
phorum / phorum	5.0.1_alpha	5.0.1_alpha.x
phorum / phorum	-	5.2.16.x
phorum / phorum	5.2.9	5.2.9.x
phorum / phorum	5.2.12	5.2.12.x
phorum / phorum	3.4.6	3.4.6.x
phorum / phorum	5.2.2-beta	5.2.2-beta.x
phorum / phorum	5.2.15	5.2.15.x
phorum / phorum	3.2.3	3.2.3.x
phorum / phorum	5.0.13a	5.0.13a.x
phorum / phorum	5.2.14	5.2.14.x
phorum / phorum	5.0.15a	5.0.15a.x
phorum / phorum	3.2.7	3.2.7.x
phorum / phorum	3.4.3	3.4.3.x
phorum / phorum	5.0.2_alpha	5.0.2_alpha.x
phorum / phorum	5.0.5_beta	5.0.5_beta.x
phorum / phorum	5.0.19	5.0.19.x
phorum / phorum	5.1.13	5.1.13.x
phorum / phorum	3.1.1	3.1.1.x
phorum / phorum	3.2.8	3.2.8.x
phorum / phorum	3.3.1a	3.3.1a.x
phorum / phorum	5.0.7a_beta	5.0.7a_beta.x
phorum / phorum	3.4.4	3.4.4.x
phorum / phorum	5.0.17	5.0.17.x
phorum / phorum	5.0.17a	5.0.17a.x
phorum / phorum	3.3.1	3.3.1.x
phorum / phorum	3.4	3.4.x
phorum / phorum	3.3.2	3.3.2.x
phorum / phorum	3.1.1_rc2	3.1.1_rc2.x
phorum / phorum	5.1.25	5.1.25.x
phorum / phorum	5.0.18	5.0.18.x
phorum / phorum	5.0.4a_beta	5.0.4a_beta.x
phorum / phorum	4.3.7	4.3.7.x
phorum / phorum	3.0.7	3.0.7.x
phorum / phorum	5.1.18	5.1.18.x
phorum / phorum	5.2.4-rc2	5.2.4-rc2.x
phorum / phorum	5.2.12a	5.2.12a.x
phorum / phorum	3.1.1a	3.1.1a.x
phorum / phorum	3.4.5	3.4.5.x
phorum / phorum	5.2.3-rc1	5.2.3-rc1.x
phorum / phorum	5.0.12	5.0.12.x
phorum / phorum	5.0.20	5.0.20.x
phorum / phorum	5.1.20	5.1.20.x
phorum / phorum	3.4.8a	3.4.8a.x
phorum / phorum	3.2.5	3.2.5.x
phorum / phorum	3.2.3a	3.2.3a.x
phorum / phorum	5.2	5.2.x
phorum / phorum	5.2.10	5.2.10.x
phorum / phorum	5.1.21	5.1.21.x
phorum / phorum	5.0.0_alpha	5.0.0_alpha.x
phorum / phorum	3.2	3.2.x
phorum / phorum	5.2.13	5.2.13.x
phorum / phorum	5.0.16	5.0.16.x
phorum / phorum	5.0.10	5.0.10.x
phorum / phorum	3.1.2	3.1.2.x
phorum / phorum	5.0.11	5.0.11.x
phorum / phorum	5.0.14a	5.0.14a.x
phorum / phorum	5.0.9	5.0.9.x
phorum / phorum	3.1	3.1.x
phorum / phorum	5.0.14	5.0.14.x
phorum / phorum	5.0.7_beta	5.0.7_beta.x
phorum / phorum	5.1.14	5.1.14.x
phorum / phorum	3.4.2	3.4.2.x
phorum / phorum	5.0.6_beta	5.0.6_beta.x
phorum / phorum	5.1.17	5.1.17.x
phorum / phorum	3.4.1	3.4.1.x
phorum / phorum	3.4.7	3.4.7.x
phorum / phorum	5.0.3_beta	5.0.3_beta.x
phorum / phorum	5.2.8	5.2.8.x
phorum / phorum	3.4.8	3.4.8.x
phorum / phorum	3.2.4	3.2.4.x
phorum / phorum	5.0.4_beta	5.0.4_beta.x
phorum / phorum	5.0.13	5.0.13.x
phorum / phorum	5.2.1	5.2.1.x
phorum / phorum	5.0.8_rc	5.0.8_rc.x
phorum / phorum	5.2.11	5.2.11.x
phorum / phorum	3.2.3b	3.2.3b.x
phorum / phorum	3.3.2b3	3.3.2b3.x
phorum / phorum	3.3.2a	3.3.2a.x
phorum / phorum	3.2.6	3.2.6.x

Vulnerability Database

290,020

CVE-2011-3392