CVE-2010-2463

Name of the Vulnerable Software and Affected Versions Jamroom versions prior to 4.1.9

Description A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the post id parameter in a modify action in the "forum.php" file.

Recommendations For versions prior to 4.1.9, update to version 4.1.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the modify action in "forum.php" to minimize the risk of exploitation. Avoid using the post id parameter in the affected API endpoint until the issue is resolved.