2015-02-10
Secure Network releases the security advisory SN-15-01 for multiple vulnerabilities found in JForum.
SN-15-01: multiple vulnerabilities have been identified in JForum version 2.1.9 stable and its unofficial updated version 2.3.5, ranging from high-impact issues like Stored Cross-Site Scripting (XSS) and Remote Code Execution (RCE) to lower-impact ones like missing security flag for session cookie. Older versions may also be vulnerable.