Zorum Forum
by Zorum
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2003-1088 | 0.03 | — | 0.02 | Aug 11, 2003 | Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter. | |||
| CVE-2006-3332 | 0.00 | — | 0.01 | Jun 30, 2006 | SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters. | |||
| CVE-2006-3333 | 0.00 | — | 0.01 | Jun 30, 2006 | Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of… | |||
| CVE-2005-0676 | 0.00 | — | 0.01 | May 4, 2005 | index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability. | |||
| CVE-2005-0677 | 0.00 | — | 0.01 | May 2, 2005 | index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. | |||
| CVE-2002-2350 | 0.00 | — | 0.01 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. |
- CVE-2003-1088Aug 11, 2003risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
- CVE-2006-3332Jun 30, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters.
- CVE-2006-3333Jun 30, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of…
- CVE-2005-0676May 4, 2005risk 0.00cvss —epss 0.01
index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.
- CVE-2005-0677May 2, 2005risk 0.00cvss —epss 0.01
index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.
- CVE-2002-2350Dec 31, 2002risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter.