[] NeoSense
E X P L O I T S
title author type platform port cve id

Phorum 3.4.x - 'Message Form' HTML Injection

Author: WiciU
type: webapps
platform: php
port: 
date_added: 2003-05-09 
date_updated: 2012-11-09 
verified: 1 
codes: CVE-2003-0283;OSVDB-9194 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/7545/info

An HTML injection issue has been reported which may lead to unauthorized code execution.

It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in Phorum. This may be done by including code in message fields before sending a message to the target victim.

<<b>script>alert(document.cookie);<<b>/script>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.