4 matches found
CVE-2008-2019
SMF (likely version ~1.1.4) is vulnerable due to a weak WAV CAPTCHA generation that relies on insufficient randomness, allowing automated brute-force bypass of the CAPTCHA. Root cause points to an insufficient fix for CVE-2007-3308; exploitation status and exact patch details are not provided in ...
CVE-2012-5903
The CVE-2012-5903 entry concerns the Simple Machines Forum (SMF) product, specifically version 2.0.2. The vulnerability is a Cross-Site Scripting (XSS) flaw in the scheduled parameter handling of index.php, enabling remote attackers to inject arbitrary web script or HTML. The root cause is an XSS...
CVE-2004-1996
The CVE-2004-1996 issue concerns Simple Machines Forum (SMF) 1.0, where an XSS vulnerability exists in the size tag that could allow remote attackers to inject arbitrary script in web pages. References across NVD/CVE records confirm the vulnerable component is SMF 1.0 and the root cause is improp...
CVE-2006-6375
CVE-2006-6375 is a cross-site scripting (XSS) flaw in display.php of Simple Machines Forum (SMF) 1.1 Final and earlier. The vulnerability allows remote attackers to inject arbitrary script/HTML via the contents of a file uploaded with the image parameter, which can be interpreted as script by Int...