Phorum 3.4 - Email Subject Line Script Injection

EDB-ID: 22451
CVE: N/A
Author: peter
Type: webapps
Platform: PHP
Published: 2003-04-02

source: http://www.securityfocus.com/bid/7262/info

It has been reported that script code can be injected into the subject of a message in Phorum. This may be done by placing script code in the subject line (or other fields) of an email sent to the victim.

"><script>alert("Vulnerable");</script>
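The fix for this class of bug is to encode the subject for HTML at the point where it is written into the page. The PHP below is an added illustration, not Phorum source code: the function names are hypothetical, and it assumes the subject is echoed into a quoted attribute value, which is the context the leading `">` in the sample string is shaped for.

```php
<?php
// Added illustration; not Phorum code. Function names are hypothetical.

// Constructed sample input: the subject string quoted in the report above.
$subject = '"><script>alert("Vulnerable");</script>';

// Vulnerable pattern: the untrusted subject is concatenated into markup as-is,
// so a double quote in the subject ends the attribute value early.
function render_subject_unsafe(string $subject): string
{
    return '<input type="text" name="subject" value="' . $subject . '">';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES encodes both quote styles, so the value cannot leave the attribute;
// ENT_SUBSTITUTE replaces invalid byte sequences instead of returning "".
function render_subject_safe(string $subject): string
{
    $encoded = htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="subject" value="' . $encoded . '">';
}

// Regression-style check: does the rendered HTML still contain a raw script tag?
function has_raw_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$rendered = [
    'unsafe' => render_subject_unsafe($subject),
    'safe'   => render_subject_safe($subject),
];

foreach ($rendered as $label => $html) {
    printf(
        "%-6s raw_script_tag=%s\n       %s\n",
        $label,
        has_raw_script_tag($html) ? 'yes' : 'no',
        $html
    );
}
```

The same encoding has to be applied to every field that is displayed, since the report notes that fields other than the subject are affected.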