nGenuity

Get a Security Assessment

JForum 2.1.8 findUser reflected XSS

JForum 2.1.8 and possibly earlier versions (not verified) is vulnerable to reflected cross-site scripting through the findUser search functionality. The vendor was notified but to the best of our knowledge has not addressed the vulnerability in the current release.

JForum 2.1.8 bookmarks CSRF & XSS

JForum 2.1.8 and possibly earlier versions (not verified) are vulnerable to persistent cross-site scripting which can be triggered by cross-site request forgery. It is unknown at this time if the vendor has addressed this vulnerability in the latest release.

McAfee UTM Firewall Help Cross-Site Scripting

McAfee UTM Firmware 3.0.0 to 4.0.6 is vulnerable to reflected cross-site scripting. McAfee recommends installing UTM Firmware version 4.0.7 to mitigate this vulnerability.