Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
References
Link | Resource |
---|---|
http://www.zerodaylab.com/zdl-advisories/2012-5337.html | Exploit |
Configurations
Information
Published : 2013-02-24 12:55
Updated : 2013-02-25 21:00
NVD link : CVE-2012-5337
Mitre link : CVE-2012-5337
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
jforum
- jforum