CVE Vulnerability

CVE-2007-0399

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.8 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://aria-security.com/forum/showthread.php?p=128
http://www.securityfocus.com/bid/22143
http://securityreason.com/securityalert/2169
http://osvdb.org/32606
https://exchange.xforce.ibmcloud.com/vulnerabilities/31612
http://www.securityfocus.com/archive/1/458904/100/0/threaded
http://www.securityfocus.com/archive/1/458194/100/100/threaded
http://www.securityfocus.com/archive/1/457761/100/200/threaded
http://www.securityfocus.com/archive/1/457627/100/0/threaded
http://www.securityfocus.com/archive/1/457508/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:*:*:*:*:*:*:*
Information

Published : 2007-01-22 06:28

Updated : 2018-10-16 04:32

NVD link : CVE-2007-0399

Mitre link : CVE-2007-0399

Products Affected
No products.
CWE
NVD-CWE-Other