Phorum 5.2.19: Reflected XSS (IIS only) and Open Redirect
Date: 2015-08-17 09:33:26
|Affected Product:||Phorum 5.2.19|
|Fixed Version Link:||http://www.phorum.org/downloads/phorum_5_2_20.zip|
|Vulnerability Type:||Reflected XSS (IIS only) and Open Redirect|
|Reported to vendor:||07/14/2015|
|Disclosed to public:||08/17/2015|
|Release mode:||Coordinated release|
|Google Dork:||"This forum is powered by Phorum" (About 431,000 results)|
|Credits:||Tim Coen of Curesec GmbH|
2. Vulnerability Description
The XSS vulnerability can be exploited by getting the victim to click a link or visit an attacker-controlled website.
Additionally, there is an open redirect vulnerability, which may aid attackers in phishing attacks. This vulnerability is not limited to Microsoft-IIS.
3. Proof of Concept
The XSS injection takes place in the phorum_redirect_to GET argument:
The open redirect is possible via the same GET argument as the XSS vulnerability:
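A defender-side check for the parameter named above, as an added example that is not part of the original advisory: it scans web server access log lines for phorum_redirect_to values that point off-site or carry markup characters. The log entries, the hostname forum.example.org and the path /forum/page.php are constructed placeholders, and the checks are generic indicators, not the advisory's proof of concept.

```python
import re
from urllib.parse import parse_qs, urlsplit

PARAM = "phorum_redirect_to"         # GET argument named in the advisory
FORUM_HOSTS = {"forum.example.org"}  # assumption: hostnames the forum is served from
# Request line of a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the reasons a decoded redirect value looks suspicious (empty if none)."""
    findings = []
    if re.search(r'[<>"\']', value):
        findings.append("markup-characters")   # possible reflected XSS attempt
    # Browsers treat "\" like "/" and ignore surrounding whitespace in URLs.
    target = value.strip().replace("\\", "/")
    try:
        parts = urlsplit(target)
    except ValueError:
        return findings + ["unparseable"]
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        findings.append("unexpected-scheme")
    if parts.hostname and parts.hostname.lower() not in FORUM_HOSTS:
        findings.append("off-site-target")     # possible open redirect
    return findings

def scan(lines):
    """Return (line number, decoded value, findings) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = match.group(1).partition("?")[2]
        for value in parse_qs(query).get(PARAM, []):
            findings = classify(value)
            if findings:
                hits.append((number, value, findings))
    return hits

# Constructed sample entries (documentation addresses, placeholder path), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Aug/2015:09:40:01 +0000] "GET /forum/page.php?phorum_redirect_to=%2Fforum%2Flist.php%3F5 HTTP/1.1" 302 0',
    '198.51.100.7 - - [17/Aug/2015:09:40:09 +0000] "GET /forum/page.php?phorum_redirect_to=http%3A%2F%2Fother.example.com%2Flogin HTTP/1.1" 302 0',
    '198.51.100.9 - - [17/Aug/2015:09:41:30 +0000] "GET /forum/page.php?phorum_redirect_to=%22%3E%3Cb%3Ex HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Aug/2015:09:42:12 +0000] "GET /forum/page.php?phorum_redirect_to=%2F%2Fother.example.com HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Set FORUM_HOSTS to the names the forum actually answers on before running this over real logs; on-site relative targets such as the first sample entry are not reported.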
4. Solution
To mitigate this issue, please upgrade to at least version 5.2.20:
Please note that a newer version might already be available.
5. Report Timeline
|07/14/2015||Informed Vendor about Issue|
|07/19/2015||Vendor releases Version 5.2.20|
|08/17/2015||Disclosed to public|