• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Phorum Reply Email Address Script Injection Vulnerability

Phorum is a PHP based web forums package.

It has been reported possible to inject script code into the body of a message response. The attacker's script code may be executed in the web client of arbitrary users who view the malicious post.

Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials.