Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jamroom | jamroom | 2.64 |
| jamroom | jamroom | 3.0.15 |
| jamroom | jamroom | * |
| jamroom | jamroom | 3.0.13 |
| jamroom | jamroom | 3.3.8 |
| jamroom | jamroom | 2.68 |
| jamroom | jamroom | 3.0.4 |
| jamroom | jamroom | 4.0.5 |
| jamroom | jamroom | 2.65 |
| jamroom | jamroom | 4.1.0 |
| jamroom | jamroom | 2.67 |
| jamroom | jamroom | 3.2.1 |
| jamroom | jamroom | 3.0.21 |
| jamroom | jamroom | 4.1.1 |
| jamroom | jamroom | 3.1.2 |
| jamroom | jamroom | 2.62 |
| jamroom | jamroom | 3.3.7 |
| jamroom | jamroom | 4.0.9 |
| jamroom | jamroom | 2.60 |
| jamroom | jamroom | 3.0.5 |
| jamroom | jamroom | 2.69 |
| jamroom | jamroom | 3.2.2 |
| jamroom | jamroom | 3.0.7 |
| jamroom | jamroom | 2.63 |
| jamroom | jamroom | 3.0.2 |
| jamroom | jamroom | 3.0.3 |
| jamroom | jamroom | 3.0.24 |
| jamroom | jamroom | 2.0.9 |
| jamroom | jamroom | 1.0 |
| jamroom | jamroom | 2.6.11 |
| jamroom | jamroom | 3.1.3 |
| jamroom | jamroom | 4.0.11 |
| jamroom | jamroom | 3.3.0 |
| jamroom | jamroom | 4.0.14 |
| jamroom | jamroom | 3.0.6 |
| jamroom | jamroom | 3.1.4 |
| jamroom | jamroom | 3.4.0 |
| jamroom | jamroom | 4.0.8 |
| jamroom | jamroom | 3.0.14 |
| jamroom | jamroom | 3.3.3 |
| jamroom | jamroom | 3.0 |
| jamroom | jamroom | 3.3.4 |
| jamroom | jamroom | 2.66 |
| jamroom | jamroom | 2.6.12 |
| jamroom | jamroom | 3.0.18 |
| jamroom | jamroom | 3.0.30 |
| jamroom | jamroom | 4.0.13 |
| jamroom | jamroom | 4.0.12 |
| jamroom | jamroom | 2.61 |
| jamroom | jamroom | 3.3.1 |
| jamroom | jamroom | 3.3.2 |
| jamroom | jamroom | 3.3.6 |
| jamroom | jamroom | 4.0.10 |
| jamroom | jamroom | 3.0.22 |
| jamroom | jamroom | 3.1.5 |
| jamroom | jamroom | 4.0.3 |
| jamroom | jamroom | 4.0.7 |
| jamroom | jamroom | 3.0.25 |
| jamroom | jamroom | 3.0.29 |
| jamroom | jamroom | 3.0.20 |
| jamroom | jamroom | 3.0.23 |
| jamroom | jamroom | 3.0.28 |
| jamroom | jamroom | 3.2.6 |
| jamroom | jamroom | 4.1.5 |
| jamroom | jamroom | 3.0.19 |
| jamroom | jamroom | 3.2.0 |
| jamroom | jamroom | 4.1.4 |
| jamroom | jamroom | 3.1.0 |
| jamroom | jamroom | 3.0.12 |
| jamroom | jamroom | 3.1.1 |
| jamroom | jamroom | 3.0.26 |
| jamroom | jamroom | 3.3.5 |
| jamroom | jamroom | 3.0.10 |
| jamroom | jamroom | 3.2.4 |
| jamroom | jamroom | 3.0.1 |
| jamroom | jamroom | 4.1.3 |
| jamroom | jamroom | 3.2.5 |
| jamroom | jamroom | 4.0.6 |
| jamroom | jamroom | 4.1.6 |
| jamroom | jamroom | 2.6.10 |
| jamroom | jamroom | 3.0.17 |
| jamroom | jamroom | 3.0.27 |
| jamroom | jamroom | 4.0.4 |
| jamroom | jamroom | 3.0.11 |
| jamroom | jamroom | 4.1.7 |
| jamroom | jamroom | 4.0.2 |
| jamroom | jamroom | 3.0.8 |
| jamroom | jamroom | 3.0.9 |
| jamroom | jamroom | 4.1.2 |
| jamroom | jamroom | 3.0.16 |
| jamroom | jamroom | 3.2.3 |
Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jamroom | jamroom | * |
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jamroom | search_module | * |
| jamroom | search_module | 1.0.0 |
Cross-site scripting (XSS) vulnerability in the Search module before 1.2.2 in Jamroom allows remote attackers to inject arbitrary web script or HTML via the query string to search/results/.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| jamroom | search_module | * |