CVE-2012-5337
JForum 2.1.9 - Cross-Site Scripting via Action, Match Type, Sort By, or Start Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-5337. PoCs published by ZeroDayLab.
AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in JForum by injecting a script tag into the 'action' parameter of a GET request. The payload triggers an alert dialog, confirming the vulnerability.
Description
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
Exploits (1)
This exploit demonstrates a reflected XSS vulnerability in JForum by injecting a script tag into the 'action' parameter of a GET request. The payload triggers an alert dialog, confirming the vulnerability.