Description
Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Exploits (1)
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449241/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1772
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20629
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29690
Scores
EPSS
0.0042
EPSS Percentile
61.8%
Details
Status
published
Products (1)
simple_machines/simple_machines_forum
1.1_rc2
Published
Oct 25, 2006
Tracked Since
Feb 18, 2026