CVE-2004-1822

Published: Mar 15, 2004Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.

Affected (29)

Products: Phorum: Phorum

Phorum

1 product

Phorum

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Phorum Phorum	Version 3.1.1
Phorum Phorum	Version 3.1.1_pre
Phorum Phorum	Version 3.1.1_rc2
Phorum Phorum	Version 3.1.1a
Phorum Phorum	Version 3.1.2
Phorum Phorum	Version 3.1
Phorum Phorum	Version 3.2.2
Phorum Phorum	Version 3.2.3
Phorum Phorum	Version 3.2.3a
Phorum Phorum	Version 3.2.3b
Phorum Phorum	Version 3.2.4
Phorum Phorum	Version 3.2.5
Phorum Phorum	Version 3.2.6
Phorum Phorum	Version 3.2.7
Phorum Phorum	Version 3.2.8
Phorum Phorum	Version 3.2
Phorum Phorum	Version 3.3.1
Phorum Phorum	Version 3.3.1a
Phorum Phorum	Version 3.3.2
Phorum Phorum	Version 3.3.2a
Phorum Phorum	Version 3.3.2b3
Phorum Phorum	Version 3.4.1
Phorum Phorum	Version 3.4.2
Phorum Phorum	Version 3.4.3
Phorum Phorum	Version 3.4.4
Phorum Phorum	Version 3.4.5
Phorum Phorum	Version 3.4.6
Phorum Phorum	Version 3.4
Phorum Phorum	Version 5.0.3_beta