Lucene search

[email protected]CVE-2006-5504

HistoryOct 25, 2006 - 10:07 p.m.

CVE-2006-5504

2006-10-2522:07:00

[email protected]

web.nvd.nist.gov

cve-2006-5504

cross-site scripting

xss vulnerability

smf

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.0%

JSON

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.

Affected configurations

NVD

Node

simple_machinessimple_machines_forumMatch1.0.5

simple_machinessimple_machines_forumMatch1.0.6

simple_machinessimple_machines_forumMatch1.0.7

simple_machinessimple_machines_forumMatch1.1_rc1

simple_machinessimple_machines_forumMatch1.1_rc2

simple_machinessimple_machines_forumMatch1.1_rc3

CPENameOperatorVersion
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.5
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.6
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.0.7
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc1
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc2
simple_machines:simple_machines_forumsimple machines simple machines forumeq1.1_rc3

CPE	Name	Operator	Version
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.5
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.6
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.0.7
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc1
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc2
simple_machines:simple_machines_forum	simple machines simple machines forum	eq	1.1_rc3

References

osvdb.org/31070

www.securityfocus.com/archive/1/449307/100/0/threaded

www.securityfocus.com/archive/1/449395/100/0/threaded

www.securityfocus.com/archive/1/449478/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/29689

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.0%

JSON

Related for CVE-2006-5504

cvelist1 nvd1