Vulnerabilities > CVE-2007-0399 - HTML Injection vulnerability in Simple Machines Simple Machines Forum 1.1Rc3

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
simple-machines
exploit available

Summary

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

Vulnerable Configurations

Part Description Count
Application
Simple_Machines
1

Exploit-Db

descriptionSMF 1.1 Index.PHP HTML Injection Vulnerability. CVE-2007-0399. Webapps exploit for php platform
idEDB-ID:29499
last seen2016-02-03
modified2007-01-20
published2007-01-20
reporterAria-Security Team
sourcehttps://www.exploit-db.com/download/29499/
titleSMF 1.1 Index.PHP HTML Injection Vulnerability