Unrated severityNVD Advisory· Published Mar 6, 2009· Updated Apr 23, 2026

CVE-2008-6437

Description

Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.

Affected products

Lukas Waldauf/Phpfreeforum
cpe:2.3:a:lukas_waldauf:phpfreeforum:*:rc2:*:*:*:*:*:*
Range: <=1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/29337nvdExploit
secunia.com/advisories/30372nvdVendor Advisory
osvdb.org/45607nvd
osvdb.org/45608nvd
www.securityfocus.com/archive/1/492445/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/42586nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000