2 matches found
JForum 2.08 Cross Site Scripting
Minded Security Labs: Advisory MSA130510 JForum ?s?i\color='"?.?^'"'"?.?/color\ $2 As it's possible to see from the previous code, "color" attribute expects a parameter between single quotes. Jforum does not encode single quotes, so it's possible to a...
JForum 2.08 - BBCode Color Tag HTML Injection
source: https://www.securityfocus.com/bid/42414/info JForum is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the...