icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Phorum < 5.0.18 register.php XSS

Medium

Synopsis

The remote host is vulnerable to a cross-site scripting (XSS) attack.

Description

The remote version of Phorum contains a script called 'register.php' that is vulnerable to a cross-site scripting attack. An attacker may exploit this problem to steal the authentication credentials of third party users.

Solution

Upgrade to version 5.0.18 or higher.