Vulnerabilities > Simple Machines
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-25 | CVE-2006-5504 | Cross-Site Scripting vulnerability in Simple Machines Forum Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter. network simple-machines | 4.3 |
| 2006-10-25 | CVE-2006-5503 | Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.1Rc2 Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter. network simple-machines | 4.3 |
| 2006-08-31 | CVE-2006-4467 | Directory Traversal vulnerability in Simple Machines Forum Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to perform directory traversal attacks to read arbitrary local files, lock topics, and possibly have other security impacts. | 7.5 |
| 2006-02-25 | CVE-2006-0896 | Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.0.6 Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. | 4.3 |
| 2005-09-07 | CVE-2005-2817 | Information Disclosure vulnerability in Simple Machines Simple Machines Forum 1.0.5 Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. | 5.0 |
| 2004-05-05 | CVE-2004-1996 | HTML Injection vulnerability in Simple Machines SMF 1.0Beta4.1/1.0Beta4P/1.0Beta5P Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. network simple-machines | 4.3 |