Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote malicious users to inject arbitrary web script or HTML via the Search parameter.
source: wwwsecurityfocuscom/bid/13213/info
mvnForum is prone to a cross-site scripting vulnerability This issue is due to a failure in the application to properly sanitize user-supplied input
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user This may facilitate the theft ...