CVE-2012-5337

JForum 2.1.9 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZeroDayLab · textwebappsjsp

https://www.exploit-db.com/exploits/38334

View Code ZIP pw:eip

References (1)

[Exploit] http://www.zerodaylab.com/zdl-advisories/2012-5337.html

Scores

EPSS 0.0037

EPSS Percentile 58.6%

Details

CWE

CWE-79

Status published

Products (2)

jforum/jforum

n/a/n/a

Published Feb 24, 2013

Tracked Since Feb 18, 2026