CVE-2008-0775

Simple Machines Smf Shoutbox - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".

References (6)

[Third Party Advisory] http://secunia.com/advisories/28900

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487912/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489964/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/491357/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27727

[Third Party Advisory] http://securityreason.com/securityalert/3651

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status draft

Affected Products (3)

simple_machines/smf_shoutbox

simple_machines/smf_shoutbox

simple_machines/smf_shoutbox

Timeline

Published Feb 14, 2008

Tracked Since Feb 18, 2026