CVE-2012-5337 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in JForum 2.1.9 allow remote attackers to inject arbitrary web script or HTML via the (1) action (2) match_type (3) sort_by or (4) start parameters.

Reference

http://www.zerodaylab.com/zdl-advisories/2012-5337.html