CVE-2007-2248

Phorum < 5.1.21 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/29887
exploitdb WORKING POC VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/29888

References (9)

Scores

EPSS 0.0784
EPSS Percentile 91.9%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

phorum/phorum < 5.1.21

Timeline

Published Apr 25, 2007
Tracked Since Feb 18, 2026