Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter.

PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.