The provided text describes a cross-site scripting (XSS) vulnerability in SMF (Simple Machines Forum) 2.0.2, where user-supplied input is not properly sanitized. The vulnerability can be exploited via a crafted URL parameter, allowing arbitrary script execution in the context of the affected site.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:SMF 2.0.2
No auth needed
Prerequisites:Access to the target SMF instance · Ability to craft a malicious URL