5.4 Medium
AI Score
Confidence
High
6 Medium
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.3%
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
CPE | Name | Operator | Version |
---|---|---|---|
simple_machines:simple_machines_forum | simple machines simple machines forum | eq | 1.1_rc3 |
aria-security.com/forum/showthread.php?p=128
osvdb.org/32606
securityreason.com/securityalert/2169
www.securityfocus.com/archive/1/457508/100/0/threaded
www.securityfocus.com/archive/1/457627/100/0/threaded
www.securityfocus.com/archive/1/457761/100/200/threaded
www.securityfocus.com/archive/1/458194/100/100/threaded
www.securityfocus.com/archive/1/458904/100/0/threaded
www.securityfocus.com/bid/22143
exchange.xforce.ibmcloud.com/vulnerabilities/31612