Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jforum jforum - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-7209
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote malicious users to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
Jforum Jforum -
1 EDB exploit
NA
CVE-2012-5337
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote malicious users to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
Jforum Jforum 2.1.9
1 EDB exploit
5.4
CVSSv3
CVE-2021-40509
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.
Jforum Jforum 2.7.0
NA
CVE-2012-5338
Open redirect vulnerability in JForum 2.1.9 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page.
Jforum Jforum 2.1.9
8.8
CVSSv3
CVE-2022-26173
JForum v2.8.0 exists to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows malicious users to arbitrarily add admin accounts.
Jforum Jforum 2.8.0
5.3
CVSSv3
CVE-2019-7550
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. N...
Jforum Jforum 2.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started