Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Phorum < 5.1.19 register.php XSS

Medium

Synopsis

The remote host is vulnerable to a Cross-Site Scripting (XSS) attack.

Description

The remote version of Phorum contains a script called 'register.php' that is vulnerable to a cross-site scripting attack via the 'username' parameter. An attacker may exploit this problem to steal the authentication credentials of third party users.

Solution

Upgrade to version 5.1.19 or higher.