JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.
Max CVSS: 8.8 | EPSS Score: 0.17% | Published: 2022-06-16 | Updated: 2022-06-28
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.
Max CVSS: 5.4 | EPSS Score: 0.08% | Published: 2021-09-04 | Updated: 2021-09-09
In JForum 2.1.8, an unauthenticated, remote attacker can enumerate whether a user exists by using the "create user" function. If a register/check/username?username= request corresponds to a username that exists, then an "is already in use" error is produced. NOTE: this product is discontinued.
Max CVSS: 5.3 | EPSS Score: 0.29% | Published: 2019-02-12 | Updated: 2020-08-24
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
Max CVSS: 6.8 | EPSS Score: 1.01% | Published: 2013-12-30 | Updated: 2013-12-31
Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page.
Max CVSS: 5.8 | EPSS Score: 0.15% | Published: 2013-09-23 | Updated: 2013-09-24
Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) match_type, (3) sort_by, or (4) start parameters.
Max CVSS: 4.3 | EPSS Score: 0.12% | Published: 2013-02-24 | Updated: 2013-02-26
6 vulnerabilities found