CVE-2007-0399

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.

Published: Jan 22, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0399
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
simple_machines / simple_machines_forum	1.1_rc3	1.1_rc3.x

http://aria-security.com/forum/showthread.php?p=128
http://osvdb.org/32606
http://securityreason.com/securityalert/2169
http://www.securityfocus.com/archive/1/457508/100/0/threaded
http://www.securityfocus.com/archive/1/457627/100/0/threaded
http://www.securityfocus.com/archive/1/457761/100/200/threaded
http://www.securityfocus.com/archive/1/458194/100/100/threaded
http://www.securityfocus.com/archive/1/458904/100/0/threaded
http://www.securityfocus.com/bid/22143
https://exchange.xforce.ibmcloud.com/vulnerabilities/31612

Vulnerability Database

289,784

CVE-2007-0399