Lucene search

[email protected]CVE-2006-5503

HistoryOct 25, 2006 - 10:07 p.m.

CVE-2006-5503

2006-10-2522:07:00

[email protected]

web.nvd.nist.gov

smf

xss

vulnerability

web script

html

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Affected configurations

NVD

Node

simple_machinessimple_machines_forumMatch1.1_rc2

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc2

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc2

References

securityreason.com/securityalert/1772

www.securityfocus.com/archive/1/449241/100/0/threaded

www.securityfocus.com/bid/20629

exchange.xforce.ibmcloud.com/vulnerabilities/29690

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2006-5503

cvelist1 nvd1