Vulnerabilities > Simple Machines > Medium

DATE CVE VULNERABILITY TITLE RISK
2007-05-09 CVE-2007-2546 Improper Authentication vulnerability in Simple Machines Simple Machines Forum
Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
6.8
2007-01-22 CVE-2007-0399 HTML Injection vulnerability in Simple Machines Simple Machines Forum 1.1Rc3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
network
simple-machines
6.0
2006-12-07 CVE-2006-6375 HTML Injection vulnerability in SMF Image File
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
network
simple-machines
6.8
2006-10-25 CVE-2006-5504 Cross-Site Scripting vulnerability in Simple Machines Forum
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.
network
simple-machines
4.3
2006-10-25 CVE-2006-5503 Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.1Rc2
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
network
simple-machines
4.3
2006-02-25 CVE-2006-0896 Cross-Site Scripting vulnerability in Simple Machines Simple Machines Forum 1.0.6
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machines Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.
4.3
2005-09-07 CVE-2005-2817 Information Disclosure vulnerability in Simple Machines Simple Machines Forum 1.0.5
Simple Machines Forum (SMF) 1.0.5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
network
low complexity
simple-machines
5.0
2004-05-05 CVE-2004-1996 HTML Injection vulnerability in Simple Machines SMF 1.0Beta4.1/1.0Beta4P/1.0Beta5P
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.
network
simple-machines
4.3