CVE-2009-0488
Description
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Phorum before 5.2.10 contains a cross-site scripting (XSS) vulnerability allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Vulnerability
Phorum before version 5.2.10 contains a cross-site scripting (XSS) vulnerability. According to the vendor announcement [1], the issue is present in prior releases and is fixed in version 5.2.10. The official description states the vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, indicating that the attack surface is not fully detailed in public sources.
Exploitation
An attacker can exploit this vulnerability by sending crafted input that, when processed by Phorum, results in execution of malicious script or HTML in a victim's browser. The vectors are unspecified in available references [1], but typical XSS exploitation requires no special privileges beyond the ability to submit data (e.g., via forum posts, user profiles, or other input fields). User interaction (e.g., viewing a malicious post or page) is required for the script to execute.
Impact
Successful exploitation allows the attacker to execute arbitrary web script or HTML in the context of the victim's session on the affected Phorum installation. This can lead to session hijacking, defacement, credential theft, or other malicious actions depending on the attacker's payload and the victim's privileges within the forum.
Mitigation
Phorum version 5.2.10, released on February 5, 2009, addresses this vulnerability and is the recommended fix [1]. Users should upgrade to 5.2.10 or later. No workarounds are disclosed in the available references. There is no indication that this CVE is listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
77cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*+ 76 more
- cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:*:rc1:*:*:*:*:*:*range: <=5.2.10
- (no CPE)range: <5.2.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.