CVE-2008-2131

Name of the Vulnerable Software and Affected Versions mvnForum version 1.1 GA

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via the topic field. This injected content is later displayed by user/viewthread.jsp when the "quick reply button" is used.

Recommendations For mvnForum version 1.1 GA, as a temporary workaround, consider disabling the "quick reply button" until a patch is available. Restrict access to the topic field to minimize the risk of exploitation. Avoid using the topic field in user/viewthread.jsp until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.