CVE-2007-2248

Name of the Vulnerable Software and Affected Versions Phorum versions prior to 5.1.22

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the group id parameter in the groups module or the smiley id parameter in the smileys modsettings module.

Recommendations For versions prior to 5.1.22, update to version 5.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin.php file and its modules, specifically the groups and smileys modsettings modules, until the update is applied. Avoid using the group id and smiley id parameters in the affected modules until the issue is resolved.