Posted by Curesec Research Team (CRT) on Aug 18

Phorum 5.2.19: Reflected XSS (IIS only) and Open Redirect
Security Advisory – Curesec Research Team
1. Introduction

Affected Product: Phorum 5.2.19
Fixed in: 5.2.20
Fixed Version Link: http://www.phorum.org/downloads/phorum_5_2_20.zip
Vendor Contact: webmaster () phorum org
Vulnerability Type: Reflected XSS (IIS only) and Open Redirect
Remote Exploitable: Yes
Reported to vendor:…