CVE-2011-3382
Description
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML into logged-in users' browsers.
Vulnerability
Phorum before version 5.2.16 contains a cross-site scripting (XSS) vulnerability. The exact input vectors are unspecified in the available references [1][2], but the flaw allows injection of arbitrary web script or HTML. All versions prior to the fix are affected.
Exploitation
An attacker can exploit this by crafting a malicious link or content that, when accessed by a user logged into Phorum, executes the injected script. No authentication is required for the attacker, but the victim must be authenticated to the application and interact with the malicious input (user interaction is required) [1][2].
Impact
Successful exploitation leads to arbitrary script execution in the context of the victim's browser. This can result in session hijacking, data theft, or other actions on behalf of the authenticated user, compromising integrity and confidentiality [2].
Mitigation
Upgrade to Phorum version 5.2.16 or later. The vendor released this fix in 2011 [1][2]. No workarounds are documented in the available references.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
84cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*+ 83 more
- cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*range: <=5.2.15
- cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:4.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.0_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.13a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.14a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.1_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.2_alpha:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.4a_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.4_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.5_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.6_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.7a_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.8_rc:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.13:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.17:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.18:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.20:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.21:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.1.25:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.10:rc1:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.12a:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.2:beta:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.4:rc2:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:phorum:phorum:5.2.9:*:*:*:*:*:*:*
- (no CPE)range: <5.2.16
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.