CVE-2006-6375
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en display.php del Simple Machines Forum (SMF) 1.1 Final y versiones anteriores permite a atacantes remotos la inyección de secuencias de comandos web o HTML de su elección a través del contenido de un fichero que se carga con el parámetro image establecido y que puede ser interpretado como una secuencia de comandos por la detección automática de tipos del Internet Explorer.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-12-07 CVE Reserved
- 2006-12-07 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/2001 | Third Party Advisory | |
| http://www.securityfocus.com/archive/1/453426/100/0/threaded | Mailing List | |
| http://www.vupen.com/english/advisories/2006/4843 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30659 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/23175 | 2018-10-17 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/21431 | 2018-10-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Simple Machines Search vendor "Simple Machines" | Smf Search vendor "Simple Machines" for product "Smf" | 1.0.9 Search vendor "Simple Machines" for product "Smf" and version "1.0.9" | - |
Affected
| ||||||
| Simple Machines Search vendor "Simple Machines" | Smf Search vendor "Simple Machines" for product "Smf" | 1.0_beta5p Search vendor "Simple Machines" for product "Smf" and version "1.0_beta5p" | - |
Affected
| ||||||
| Simple Machines Search vendor "Simple Machines" | Smf Search vendor "Simple Machines" for product "Smf" | 1.1_final Search vendor "Simple Machines" for product "Smf" and version "1.1_final" | - |
Affected
| ||||||
| Simple Machines Search vendor "Simple Machines" | Smf Search vendor "Simple Machines" for product "Smf" | 1.1_rc3 Search vendor "Simple Machines" for product "Smf" and version "1.1_rc3" | - |
Affected
| ||||||