Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org .
Phorum contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 't' parameter or the message reply text upon submission to the 'read.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.