VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1629
phorum: Cross-site scripting (XSS) vulnerability in Phorum ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1629

Original

Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-05-19
Source Information Category:
Advisory, Alert
Last Updated:
2010-05-20




Affected Product Tags
cpe:/a:phorum:phorum:3.0.7
cpe:/a:phorum:phorum:3.1
cpe:/a:phorum:phorum:3.1.1
cpe:/a:phorum:phorum:3.1.1_pre
cpe:/a:phorum:phorum:3.1.1_rc2
cpe:/a:phorum:phorum:3.1.1a
cpe:/a:phorum:phorum:3.1.2
cpe:/a:phorum:phorum:3.2
cpe:/a:phorum:phorum:3.2.2
cpe:/a:phorum:phorum:3.2.3
cpe:/a:phorum:phorum:3.2.3a
cpe:/a:phorum:phorum:3.2.3b
cpe:/a:phorum:phorum:3.2.4
cpe:/a:phorum:phorum:3.2.5
cpe:/a:phorum:phorum:3.2.6
cpe:/a:phorum:phorum:3.2.7
cpe:/a:phorum:phorum:3.2.8
cpe:/a:phorum:phorum:3.3.1
cpe:/a:phorum:phorum:3.3.1a
cpe:/a:phorum:phorum:3.3.2
cpe:/a:phorum:phorum:3.3.2a
cpe:/a:phorum:phorum:3.3.2b3
cpe:/a:phorum:phorum:3.4
cpe:/a:phorum:phorum:3.4.1
cpe:/a:phorum:phorum:3.4.2
cpe:/a:phorum:phorum:3.4.3
cpe:/a:phorum:phorum:3.4.4
cpe:/a:phorum:phorum:3.4.5
cpe:/a:phorum:phorum:3.4.6
cpe:/a:phorum:phorum:3.4.7
cpe:/a:phorum:phorum:3.4.8
cpe:/a:phorum:phorum:3.4.8a
cpe:/a:phorum:phorum:4.3.7
cpe:/a:phorum:phorum:5.0.0_alpha
cpe:/a:phorum:phorum:5.0.10
cpe:/a:phorum:phorum:5.0.11
cpe:/a:phorum:phorum:5.0.12
cpe:/a:phorum:phorum:5.0.13
cpe:/a:phorum:phorum:5.0.13a
cpe:/a:phorum:phorum:5.0.14
cpe:/a:phorum:phorum:5.0.14a
cpe:/a:phorum:phorum:5.0.15
cpe:/a:phorum:phorum:5.0.15a
cpe:/a:phorum:phorum:5.0.16
cpe:/a:phorum:phorum:5.0.17
cpe:/a:phorum:phorum:5.0.17a
cpe:/a:phorum:phorum:5.0.18
cpe:/a:phorum:phorum:5.0.19
cpe:/a:phorum:phorum:5.0.1_alpha
cpe:/a:phorum:phorum:5.0.20
cpe:/a:phorum:phorum:5.0.2_alpha
cpe:/a:phorum:phorum:5.0.3_beta
cpe:/a:phorum:phorum:5.0.4_beta
cpe:/a:phorum:phorum:5.0.4a_beta
cpe:/a:phorum:phorum:5.0.5_beta
cpe:/a:phorum:phorum:5.0.6_beta
cpe:/a:phorum:phorum:5.0.7_beta
cpe:/a:phorum:phorum:5.0.7a_beta
cpe:/a:phorum:phorum:5.0.8_rc
cpe:/a:phorum:phorum:5.0.9
cpe:/a:phorum:phorum:5.1.13
cpe:/a:phorum:phorum:5.1.14
cpe:/a:phorum:phorum:5.1.17
cpe:/a:phorum:phorum:5.1.18
cpe:/a:phorum:phorum:5.1.20
cpe:/a:phorum:phorum:5.1.21
cpe:/a:phorum:phorum:5.1.25
cpe:/a:phorum:phorum:5.2
cpe:/a:phorum:phorum:5.2.1
cpe:/a:phorum:phorum:5.2.10
cpe:/a:phorum:phorum:5.2.10:rc1
cpe:/a:phorum:phorum:5.2.11
cpe:/a:phorum:phorum:5.2.12
cpe:/a:phorum:phorum:5.2.12a
cpe:/a:phorum:phorum:5.2.13
cpe:/a:phorum:phorum:5.2.14 and previous versions
cpe:/a:phorum:phorum:5.2.2:beta
cpe:/a:phorum:phorum:5.2.3:rc1
cpe:/a:phorum:phorum:5.2.4:rc2
cpe:/a:phorum:phorum:5.2.5
cpe:/a:phorum:phorum:5.2.8
cpe:/a:phorum:phorum:5.2.9
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
CONFIRM http://www.facebook.com/note.php?note_id=371190874581




MLIST [oss-security] 20100518 Re: CVE request: phorum < 5.2.15 backend XSS




MLIST [oss-security] 20100517 CVE request: phorum < 5.2.15 backend XSS




Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)




Copyright © 2010 JPCERT/CC All Rights Reserved.