
CVSS: 6.1 • EPSS: 2% • CPEs: 1 • EXPL: 3

17 Nov 2012 — Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. • https://www.exploit-db.com/exploits/37027 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 3

08 Jul 2009 — SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/9050 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 4% • CPEs: 1 • EXPL: 1

30 Apr 2008 — Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308. • https://github.com/TheRook/AudioCaptchaBypass-CVE-2008-2019 • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 0

13 Feb 2008 — Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";". • http://secunia.com/advisories/28900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

15 Jan 2008 — Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. • http://securityreason.com/securityalert/3540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.8 • EPSS: 1% • CPEs: 4 • EXPL: 0

07 Dec 2006 — Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. • http://secunia.com/advisories/23175

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 2

05 May 2004 — Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. • https://www.exploit-db.com/exploits/24082

CVSS: 6.1 • EPSS: 0% • CPEs: 3 • EXPL: 2

15 Mar 2004 — Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. • https://www.exploit-db.com/exploits/23812