Vulnerabilities > CVE-2006-5504 - Cross-Site Scripting vulnerability in Simple Machines Forum

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

simple-machines

NVD

Published: 2006-10-25

Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.

Vulnerable Configurations

Part	Description	Count
Application	Simple_Machines Simple Machines Simple Machines Forum 1.0.5 Simple Machines Simple Machines Forum 1.0.6 Simple Machines Simple Machines Forum 1.0.7 Simple Machines Simple Machines Forum 1.1_Rc1 Simple Machines Simple Machines Forum 1.1_Rc2 Simple Machines Simple Machines Forum 1.1_Rc3	6

References

http://osvdb.org/31070
http://www.securityfocus.com/archive/1/449307/100/0/threaded
http://www.securityfocus.com/archive/1/449395/100/0/threaded
http://www.securityfocus.com/archive/1/449478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29689