CVE-2012-5337

JForum 2.1.9 - Cross-Site Scripting via Action, Match Type, Sort By, or Start Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5337. PoCs published by ZeroDayLab.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in JForum by injecting a script tag into the 'action' parameter of a GET request. The payload triggers an alert dialog, confirming the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ZeroDayLab · textwebappsjsp
https://www.exploit-db.com/exploits/38334

This exploit demonstrates a reflected XSS vulnerability in JForum by injecting a script tag into the 'action' parameter of a GET request. The payload triggers an alert dialog, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: JForum 2.1.9
No auth needed
Prerequisites: Access to the target JForum instance
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

EPSS 0.0252
EPSS Percentile 82.9%

Details

CWE
CWE-79
Status published
Products (1)
jforum/jforum 2.1.9
Published Feb 24, 2013
Tracked Since Feb 18, 2026