CVE-2012-5337

Name of the Vulnerable Software and Affected Versions JForum version 2.1.9

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the action, match type, sort by, and start parameters.

Recommendations For JForum version 2.1.9, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the jforum.page component to minimize the risk of exploitation. Avoid using the action, match type, sort by, and start parameters in the affected endpoint until the issue is resolved.