CVE

Id
25605  
CVE No.
CVE-2007-2248  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.  
Phase
Assigned (20070425)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
255938 25605 CVE-2007-2248 BUGTRAQ:20070419 [waraxe-2007-SA#049] - Multiple vulnerabilities in Phorum 5.1.20  View
255939 25605 CVE-2007-2248 URL:http://www.securityfocus.com/archive/1/archive/1/466286/100/0/threaded  View
255940 25605 CVE-2007-2248 MISC:http://www.waraxe.us/advisory-49.html  View
255941 25605 CVE-2007-2248 CONFIRM:http://www.phorum.org/story.php?76  View
255942 25605 CVE-2007-2248 BID:23616  View
255943 25605 CVE-2007-2248 URL:http://www.securityfocus.com/bid/23616  View
255944 25605 CVE-2007-2248 OSVDB:35057  View
255945 25605 CVE-2007-2248 URL:http://osvdb.org/35057  View
255946 25605 CVE-2007-2248 OSVDB:35058  View
255947 25605 CVE-2007-2248 URL:http://osvdb.org/35058  View
255948 25605 CVE-2007-2248 SECTRACK:1017936  View
255949 25605 CVE-2007-2248 URL:http://www.securitytracker.com/id?1017936  View
255950 25605 CVE-2007-2248 SECUNIA:24932  View
255951 25605 CVE-2007-2248 URL:http://secunia.com/advisories/24932  View
255952 25605 CVE-2007-2248 SREASON:2617  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55058 JVNDB-2007-003750 Phorum の admin.php におけるフルパスを取得される脆弱性 Phorum の admin.php には、フルパスを取得される脆弱性が存在します。 CVE-2007-2250 25605 5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003750.html  View