Phorum < 5.1.19 register.php XSS
Medium Nessus Network Monitor Plugin ID 3898
SynopsisThe remote host is vulnerable to a Cross-Site Scripting (XSS) attack.
DescriptionThe remote version of Phorum contains a script called 'register.php' that is vulnerable to a cross-site scripting attack via the 'username' parameter. An attacker may exploit this problem to steal the authentication credentials of third party users.
SolutionUpgrade to version 5.1.19 or higher.