CVE-2003-1467

Published: Dec 31, 2003Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

Affected (3)

Products: Phorum: Phorum

Phorum

1 product

Phorum

Configuration A

3 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Phorum Phorum	Up to 3.4.2
Phorum Phorum	Version 3.4.1
Phorum Phorum	Version 3.4

Running on/with	Platform Versions
Linux Linux Kernel	All versions
Microsoft All Windows	All versions
Unix Unix	Version any_version

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (18)

http://securityreason.com/securityalert/3288

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/321310

Source: cve@mitre.org

http://www.securityfocus.com/bid/7572

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/7573

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/7576

Source: cve@mitre.org

http://www.securityfocus.com/bid/7577

Source: cve@mitre.org

http://www.securityfocus.com/bid/7584

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/12487

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/12502

Source: cve@mitre.org

http://securityreason.com/securityalert/3288