Description
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by G00db0y · textwebappsphp
https://www.exploit-db.com/exploits/23011
References (5)
Core 5
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8388
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/9497
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106063199925536&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/12867
Exploit, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013365
Scores
EPSS
0.0061
EPSS Percentile
70.0%
Details
Status
published
Products (6)
phpoutsourcing/zorum
3.0
phpoutsourcing/zorum
3.1
phpoutsourcing/zorum
3.2
phpoutsourcing/zorum
3.3
phpoutsourcing/zorum
3.4
phpoutsourcing/zorum
3.5
Published
Aug 11, 2003
Tracked Since
Feb 18, 2026