Description
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.
References
http://seclists.org/fulldisclosure/2021/Sep/13
Mailing List, Third Party Advisory
https://lists.openwall.net/full-disclosure/2021/09/03/7
Exploit, Mailing List, Third Party Advisory
https://sourceforge.net/p/jforum2/code/934/
Patch, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
CVSS V3.1
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-09-04T20:15:07.420
Last modified
2021-09-09T21:24:29.487