Forum
by Prozilla
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0959 | 0.04 | — | 0.07 | Oct 4, 2002 | Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script. | |||
| CVE-2008-1789 | 0.03 | — | 0.01 | Apr 15, 2008 | SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||
| CVE-2007-3267 | 0.03 | — | 0.02 | Jun 19, 2007 | Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235. | |||
| CVE-2007-3235 | 0.03 | — | 0.01 | Jun 15, 2007 | Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. | |||
| CVE-2005-3394 | 0.03 | — | 0.01 | Nov 1, 2005 | Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module. | |||
| CVE-2003-0590 | 0.03 | — | 0.02 | Aug 18, 2003 | Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field. | |||
| CVE-2003-0483 | 0.03 | — | 0.04 | Aug 7, 2003 | Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php. | |||
| CVE-2006-0124 | 0.00 | — | 0.01 | Jan 9, 2006 | Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. |
- CVE-2002-0959Oct 4, 2002risk 0.04cvss —epss 0.07
Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote attackers to execute arbitrary script as other users via an [img] tag with a closing quote followed by the script.
- CVE-2008-1789Apr 15, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
- CVE-2007-3267Jun 19, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235.
- CVE-2007-3235Jun 15, 2007risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection.
- CVE-2005-3394Nov 1, 2005risk 0.03cvss —epss 0.01
Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.
- CVE-2003-0590Aug 18, 2003risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
- CVE-2003-0483Aug 7, 2003risk 0.03cvss —epss 0.04
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.
- CVE-2006-0124Jan 9, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.