ID CVE-2007-0399
Summary Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.
References
Vulnerable Configurations
  • cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 16-10-2018 - 16:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: SINGLE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
bid 22143
bugtraq
  • 20070120 SMF "index.php?action=pm" Cross Site-Scripting
  • 20070121 Re: SMF "index.php?action=pm" Cross Site-Scripting
  • 20070122 Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting
  • 20070126 Re: Re: Re: Re: SMF "index.php?action=pm" Cross Site-Scripting
  • 20070202 Re: SMF "index.php?action=pm" Cross Site-Scripting
misc http://aria-security.com/forum/showthread.php?p=128
osvdb 32606
sreason 2169
xf smf-pm-xss(31612)
Last major update 16-10-2018 - 16:32
Published 22-01-2007 - 18:28
Last modified 16-10-2018 - 16:32