CVE-2013-7236

Simple Machines Forum <2.0.6-1.1.19 - XSS

Title source: llm
STIX 2.1

Description

Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/30/1
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/12/30/3
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/83

Scores

EPSS 0.0153
EPSS Percentile 71.7%

Details

CWE
CWE-20
Status published
Products (37)
simplemachines/simple_machines_forum 1.0 (7 CPE variants)
simplemachines/simple_machines_forum 1.0.1
simplemachines/simple_machines_forum 1.0.2
simplemachines/simple_machines_forum 1.0.3
simplemachines/simple_machines_forum 1.0.4
simplemachines/simple_machines_forum 1.0.5
simplemachines/simple_machines_forum 1.0.6
simplemachines/simple_machines_forum 1.0.7
simplemachines/simple_machines_forum 1.0.8
simplemachines/simple_machines_forum 1.0.9
... and 27 more
Published Apr 29, 2014
Tracked Since Feb 18, 2026