Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
allpublication jboard |