Cross site scripting

2008-02-1400:00:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.4%

JSON

Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with “&#”, contain the desired script, and end with “;”.

CPENameOperatorVersion
smf_shoutboxeq1.15
smf_shoutboxeq1.14
smf_shoutboxeq1.16.98

Name	Operator	Version
smf_shoutbox	eq	1.15
smf_shoutbox	eq	1.14
smf_shoutbox	eq	1.16.98

References

secunia.com/advisories/28900

securityreason.com/securityalert/3651

www.securityfocus.com/archive/1/487912/100/0/threaded

www.securityfocus.com/archive/1/489964/100/0/threaded

www.securityfocus.com/archive/1/491357/100/0/threaded

www.securityfocus.com/bid/27727