CVE-2003-0283
Phorum < 3.4.3 - Cross-Site Scripting via Message Subject, Author Name, or Email
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-0283. PoCs published by WiciU.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Phorum, allowing arbitrary script execution via crafted input in message fields. The PoC shows a simple XSS payload that steals cookies when rendered.
Description
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Phorum, allowing arbitrary script execution via crafted input in message fields. The PoC shows a simple XSS payload that steals cookies when rendered.