Vulnerability Database
296,822
Total vulnerabilities in the database
CVE-2008-5399
Cross-site scripting (XSS) vulnerability in the listonlineusers (aka "Who's online") component in mvnForum before 1.2.1 GA allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
| Software | From | Fixed in |
|---|---|---|
| mvnforum / mvnforum | 1.0.2.-ga | 1.0.2.-ga.x |
| mvnforum / mvnforum | 1.0.0-beta3 | 1.0.0-beta3.x |
| mvnforum / mvnforum | 1.1-ga | 1.1-ga.x |
| mvnforum / mvnforum | 1.0.0-beta2 | 1.0.0-beta2.x |
| mvnforum / mvnforum | 1.0.0-rc2 | 1.0.0-rc2.x |
| mvnforum / mvnforum | 1.0.0-rc4 | 1.0.0-rc4.x |
| mvnforum / mvnforum | - | 1.2.x |
| mvnforum / mvnforum | 1.0.0-beta1 | 1.0.0-beta1.x |
| mvnforum / mvnforum | 1.0.0-rc3_01 | 1.0.0-rc3_01.x |
| mvnforum / mvnforum | 1.0.0-rc1 | 1.0.0-rc1.x |
- http://osvdb.org/50403
- http://secunia.com/advisories/32931
- http://security.bkis.vn/?p=286
- http://securityreason.com/securityalert/4699
- http://www.mvnforum.com/mvnforum/viewthread_thread,4361
- http://www.mvnforum.com/mvnforum/viewthread_thread%2C4361
- http://www.securityfocus.com/archive/1/498872/100/0/threaded
- http://www.securityfocus.com/bid/32605
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime