CVE-2004-2241 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-2241

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendors patch.

Affected Software

Name	Vendor	Start Version	End Version
Phorum	Phorum	5.0.11 (including)	5.0.11 (including)

References

http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980
http://securitytracker.com/id?1011921
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17846
http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980
http://securitytracker.com/id?1011921
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17846