CVE-2004-0034
CVSS 4.3
Published: 2004-01-20 00:00:00
Revised: 2016-10-17 22:40:01

[Original] Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.


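[CNNVD] Phorum Multiple Cross-Site Scripting/HTML Injection Vulnerabilities (CNNVD-200401-053)

        Phorum 3.4.5 and earlier contain multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.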

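- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details used for detection)

No related OVAL definitions found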

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0034
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0034
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200401-053
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=107340481804110&w=2
(UNKNOWN)  BUGTRAQ  20040105 Multiple Vulnerabilities in Phorum 3.4.5
http://phorum.org/
(VENDOR_ADVISORY)  CONFIRM  http://phorum.org/
http://www.securityfocus.com/bid/9361
(VENDOR_ADVISORY)  BID  9361
http://www.securitytracker.com/id?1008633
(UNKNOWN)  SECTRACK  1008633
http://xforce.iss.net/xforce/xfdb/14145
(VENDOR_ADVISORY)  XF  phorum-common-xss(14145)

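- Vulnerability information

Phorum Multiple Cross-Site Scripting/HTML Injection Vulnerabilities
Medium severity  Cross-site scripting
2004-01-20 00:00:00 2005-10-20 00:00:00
Remote
        Phorum 3.4.5 and earlier contain multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.

- Advisories and patches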

        These issues have been addressed in Phorum version 3.4.6.
        Phorum Phorum 3.4
        
        Phorum Phorum 3.4.1
        
        Phorum Phorum 3.4.2
        
        Phorum Phorum 3.4.3
        
        Phorum Phorum 3.4.4
        
        Phorum Phorum 3.4.5
        

- Vulnerability information

3434
Phorum common.php phorum_check_xss Function XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Phorum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the phorum_check_xss() function does not validate user input upon submission to the common.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2004-01-05 2004-01-05
2004-01-05 Unknown

- Solution

Upgrade to version 3.4.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Phorum Multiple Cross-Site Scripting/HTML Injection Vulnerabilities
Input Validation Error 9361
Yes No
2004-01-05 12:00:00 2009-07-12 12:56:00
Discovery is credited to Calum Power.

- Affected program versions

Phorum Phorum 3.4.5
Phorum Phorum 3.4.4
Phorum Phorum 3.4.3
Phorum Phorum 3.4.2
Phorum Phorum 3.4.1
Phorum Phorum 3.4
Phorum Phorum 3.4.6

- Unaffected program versions

Phorum Phorum 3.4.6

- Vulnerability discussion

Phorum is prone to multiple cross-site scripting and HTML injection vulnerabilities. The cause of the vulnerabilities is that input supplied via URI parameters and form fields is not sanitized of HTML and script code before being included in web page output.

Remote attackers may create malicious links to a vulnerable script that includes hostile HTML and script code. If such a link were followed by a victim user, the attacker-supplied code would be rendered in the security context of the site hosting the software. Attackers may also persistently inject hostile HTML and script code into the forum software.

Theft of cookie-based authentication credentials is possible, in addition to other attacks.

- Exploit

There is no exploit required.

- Solution

These issues have been addressed in Phorum version 3.4.6.


Phorum Phorum 3.4

Phorum Phorum 3.4.1

Phorum Phorum 3.4.2

Phorum Phorum 3.4.3

Phorum Phorum 3.4.4

Phorum Phorum 3.4.5

- Related references

 

 
