CVE-2007-0399

Simple Machines Forum - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsphp

https://www.exploit-db.com/exploits/29499

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://osvdb.org/32606

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31612

[Various Sources] http://aria-security.com/forum/showthread.php?p=128

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/457508/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/457627/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/457761/100/200/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/458194/100/100/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/458904/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22143

[Third Party Advisory] http://securityreason.com/securityalert/2169

Scores

EPSS 0.0152

EPSS Percentile 81.0%

Classification

Status draft

Affected Products (1)

simple_machines/simple_machines_forum

Timeline

Published Jan 22, 2007

Tracked Since Feb 18, 2026