Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
https://exchange.xforce.ibmcloud.com/vulnerabilities/12502
https://exchange.xforce.ibmcloud.com/vulnerabilities/12487
http://www.securityfocus.com/bid/7584
http://www.securityfocus.com/bid/7577
http://www.securityfocus.com/bid/7576
http://www.securityfocus.com/bid/7573
http://www.securityfocus.com/bid/7572