- Description
- Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple_machines:smf:1.0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54C4926E-79EE-4555-989D-09E5C4A2F30F"
},
{
"criteria": "cpe:2.3:a:simple_machines:smf:1.0_beta5p:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA2704A4-A615-416C-9B6F-13165EDEBC37"
},
{
"criteria": "cpe:2.3:a:simple_machines:smf:1.1_final:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "991FBFDC-99FD-4441-B900-EF9717E7212B"
},
{
"criteria": "cpe:2.3:a:simple_machines:smf:1.1_rc3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C351B05-9143-48C8-ABC8-D3843D327617"
}
],
"operator": "OR"
}
]
}
]