Thursday, August 30, 2012

HTB23109: XSS in Phorum 5.2.18

This week, details of a cross-site scripting (XSS) vulnerability (CVE-2012-4234, HTB23109) in Phorum version 5.2.18 were disclosed by High-Tech Bridge Security Advisories.

Vulnerability details: input passed via the "group" GET parameter to the "control.php" script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected website (a reflected XSS, since the payload travels in the request and is echoed back in the response).
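To make the mechanism concrete, here is an added example that is not Phorum's code and not part of the advisory: a constructed stand-in for a script that echoes its "group" query parameter into HTML, first without output encoding (the defect the advisory describes) and then with it, plus the simple reflection check a tester uses to confirm whether a given response is still affected. The markup, the probe string and the helper names are all assumptions made for the illustration.

```python
"""Reflected XSS through an unescaped GET parameter, and the fix.

Added illustration for the HTB23109 write-up; this is NOT Phorum's code.
The two handlers are a constructed stand-in for a script that echoes the
"group" query parameter into its HTML response.
"""
import html
from urllib.parse import parse_qs, quote, urlparse


def control_url(group: str) -> str:
    """Build a request URL carrying 'group' as a percent-encoded query value
    (assumed URL shape; only the parameter name comes from the advisory)."""
    return "control.php?group=" + quote(group, safe="")


def _group_param(url: str) -> str:
    """Extract the decoded 'group' value from the query string."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("group", [""])[0]


def vulnerable_page(url: str) -> str:
    """The defect: the raw parameter value is dropped straight into an
    attribute, so a value containing '">' closes the attribute and the tag
    and whatever follows is parsed as new markup."""
    group = _group_param(url)
    return (
        '<form action="control.php">'
        f'<input type="hidden" name="group" value="{group}">'
        "</form>"
    )


def fixed_page(url: str) -> str:
    """Same page with output encoding applied at the point of insertion.
    html.escape(quote=True) turns & < > " ' into entities, so the value can
    neither terminate the attribute nor start an element."""
    group = _group_param(url)
    safe = html.escape(group, quote=True)
    return (
        '<form action="control.php">'
        f'<input type="hidden" name="group" value="{safe}">'
        "</form>"
    )


def reflects_unescaped(body: str, probe: str) -> bool:
    """Verification check: True when the probe appears byte-for-byte in the
    response (still vulnerable), False when it only appears entity-encoded
    or not at all."""
    return probe in body


# Constructed probe: closes the value attribute and the <input> tag, then
# injects a script element. When testing a live site use a harmless marker
# such as '"><zzz' rather than a script payload.
PROBE = '"><script>alert(1)</script>'

if __name__ == "__main__":
    url = control_url(PROBE)
    print("vulnerable:", vulnerable_page(url))
    print("fixed:     ", fixed_page(url))
    print("still reflects probe after fix?",
          reflects_unescaped(fixed_page(url), PROBE))
```

The PHP equivalent of `html.escape(group, quote=True)` is `htmlspecialchars($group, ENT_QUOTES, 'UTF-8')`; the important property in either language is that encoding happens where the value is written into the markup, not where it is read from the request, so every output path of the parameter is covered. The same `reflects_unescaped` check, run with a harmless marker string against an installation before and after upgrading, is how a practitioner confirms the fix landed.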

Phorum is open source PHP forum software with a penchant for speed. Phorum's very flexible hook and module system can satisfy every web master's needs.

Last Friday, Phorum 5.2.19 was released, which contains a security fix for this vulnerability. Details are available on the vendor's website.
