Phorum 3.4 - Email Subject Line Script Injection

EDB-ID: 22451
CVE: N/A
Author: peter
Type: webapps
Platform: PHP
Date: 2003-04-02


source: https://www.securityfocus.com/bid/7262/info

It has been reported that script code can be injected into the subject of a message in Phorum. This may be done by constructing a malicious subject line (or other fields) before sending an email to the victim.

"><script>alert("Vulnerable");</script>
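
The fix for this class of bug is to HTML-encode every mail-derived field at the point where it is written into a page. The sketch below is an added example, not Phorum's code: the function names, the field names and the markup are assumptions, since the advisory does not show how Phorum renders a message.

```php
<?php
// Added example (not Phorum source). All names and markup here are hypothetical.

// Constructed sample message; the subject is the string quoted in the advisory.
$message = [
    'subject' => '"><script>alert("Vulnerable");</script>',
    'author'  => 'peter',
    'email'   => 'peter@example.org',
];

// Encode for HTML element and attribute context. ENT_QUOTES covers both quote
// styles; ENT_SUBSTITUTE replaces invalid byte sequences instead of returning ''.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: the subject lands inside an attribute value unencoded, so a
// leading "> closes the attribute and the tag, and the rest is parsed as markup.
function render_unsafe(array $m): string
{
    return '<input type="text" name="subject" value="' . $m['subject'] . '">';
}

// Hardened pattern: every field that came from the mail is encoded on output,
// not only the subject, because the advisory notes other fields are affected.
function render_safe(array $m): string
{
    $m = array_map('h', $m);
    return '<input type="text" name="subject" value="' . $m['subject'] . '">'
         . '<span class="author">' . $m['author'] . '</span>'
         . '<a href="mailto:' . $m['email'] . '">' . $m['email'] . '</a>';
}

$unsafe = render_unsafe($message);
$safe   = render_safe($message);

// The unsafe output still contains a live script tag; the safe output does not.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') === false);
echo $safe, PHP_EOL;
```

Encoding belongs at output time rather than at storage time, so the same stored subject can still be used safely in other contexts such as plain-text mail.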