Page 5 of 22 results (0.004 seconds)

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field. Simple Machines Forum, or SMF, version 1.0.6 is susceptible to a cross site scripting vulnerable in the X-Forwarded-For directive that can be used to commit attacks against an administrator. • http://attrition.org/pipermail/vim/2006-April/000682.html http://evuln.com/vulns/86/summary.html http://secunia.com/advisories/19004 http://securityreason.com/securityalert/545 http://www.osvdb.org/23480 http://www.securityfocus.com/archive/1/426824/100/0/threaded http://www.securityfocus.com/bid/16841 http://www.simplemachines.org/community/index.php?topic=78841.0 http://www.vupen.com/english/advisories/2006/0726 https://exchange.xforce.ibmcloud.com/vulnerabilities/24915 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor ** DISPUTADA ** El fabricante y terceras partes han disputado este asunto. • http://archives.neohapsis.com/archives/bugtraq/2005-12/0090.html http://www.securityfocus.com/archive/1/419068/100/0/threaded http://www.securityfocus.com/archive/1/419105/100/0/threaded http://www.securityfocus.com/archive/1/419250/100/0/threaded http://www.securityfocus.com/archive/1/419535/100/0/threaded http://www.securityfocus.com/bid/15791 https://exchange.xforce.ibmcloud.com/vulnerabilities/23546 •