Posted by kun song on Sep 03

Hi,

I found a vulnerability in jforum 2.7.0. It is a stored cross-site
scripting vulnerability. The place is the user’s profile – signature. The
technique of the vulnerability is the same as that described in this
article “STORED CROSS SITE SCRIPTING IN BBCODE” (
https://mindedsecurity.com/advisories/msa130510/), and the POC is:

color tag:
[color=red” onMouseOver=”alert(‘xss’)]XSS[/color]…


September 3rd, 2021
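
The bug class reported above, as an added example that is not part of the original post and is not JForum's code: a BBCode [color] renderer that pastes the tag argument into an HTML attribute, next to a hardened form that escapes the whole signature first and only emits markup for an allowlisted colour value. The function names, the regular expressions and the sample input (the post's color-tag PoC typed with plain ASCII quotes) are assumptions made for illustration.

```python
import html
import re

# Hypothetical [color=...] renderer for a profile signature (not JForum's code).
COLOR_TAG = re.compile(r"\[color=(.*?)\](.*?)\[/color\]", re.IGNORECASE | re.DOTALL)

# Allowlist for the tag argument: a CSS colour name or #rgb / #rrggbb.
SAFE_COLOR = re.compile(r"[a-zA-Z]{1,20}|#[0-9a-fA-F]{3}|#[0-9a-fA-F]{6}")

# Constructed sample input modelled on the color-tag PoC quoted in the post.
POC = "[color=red\" onMouseOver=\"alert('xss')]XSS[/color]"


def render_naive(signature: str) -> str:
    """'Before' form: the argument lands inside style="..." unchanged,
    so a double quote in it closes the attribute and starts a new one."""
    return COLOR_TAG.sub(
        lambda m: '<span style="color: %s">%s</span>' % (m.group(1), m.group(2)),
        signature,
    )


def render_hardened(signature: str) -> str:
    """Escape the whole signature, then build markup only from validated values."""
    escaped = html.escape(signature, quote=True)

    def replace(m: re.Match) -> str:
        color = m.group(1)
        if not SAFE_COLOR.fullmatch(color):
            # Unknown or malformed argument: keep the tag as inert escaped text.
            return m.group(0)
        return '<span style="color: %s">%s</span>' % (color, m.group(2))

    return COLOR_TAG.sub(replace, escaped)


if __name__ == "__main__":
    print("naive:   ", render_naive(POC))
    print("hardened:", render_hardened(POC))
    print("benign:  ", render_hardened("[color=#ff0000]hello[/color]"))
```

The same two steps, escaping on output and validating tag arguments against an allowlist, apply to any other BBCode tag that carries an argument into an HTML attribute.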