Phorum 3.4.x - 'Message Form' HTML Injection

EDB-ID:

22579


Author:

WiciU

Type:

webapps


Platform:

PHP

Date:

2003-05-09


source: https://www.securityfocus.com/bid/7545/info

An HTML injection issue has been reported which may lead to unauthorized code execution.

It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in Phorum. This may be done by including code in message fields before sending a message to the target victim.

<<b>script>alert(document.cookie);<<b>/script>