Description
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
Exploits (1)
References (2)
Core 2
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/36154
Product x_refsource_confirm
http://sourceforge.net/p/beehiveforum/news/2015/02/beehive-forum-145-released/
Scores
EPSS
0.0088
EPSS Percentile
75.4%
Details
CWE
CWE-79
Status
published
Products (1)
beehive_forum/beehive_forum
1.4.4
Published
Mar 03, 2015
Tracked Since
Feb 18, 2026