ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.
References
Link | Resource |
---|---|
https://lists.openwall.net/full-disclosure/2021/09/03/7 | Exploit Mailing List Third Party Advisory |
https://sourceforge.net/p/jforum2/code/934/ | Patch Third Party Advisory |
http://seclists.org/fulldisclosure/2021/Sep/13 | Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/164045/jforum-2.7.0-Cross-Site-Scripting.html | Third Party Advisory |
Configurations
Information
Published : 2021-09-04 13:15
Updated : 2021-09-09 14:24
NVD link : CVE-2021-40509
Mitre link : CVE-2021-40509
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
jforum
- jforum