CVE-2007-0399
SMF 1.1 RC3 exposes multiple XSS flaws in index.php during the PM “send” action. Infected input (recipient/BCC fields) can inject arbitrary script/HTML in the context of an authenticated user. Affected: Simple Machines Forum (SMF), version 1.1 RC3; vulnerability arises in the PM sending workflow....