CVE-2008-0775

2008-02-1323:00:00

mitre

www.cve.org

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with “&#”, contain the desired script, and end with “;”.

References

secunia.com/advisories/28900

securityreason.com/securityalert/3651

www.securityfocus.com/archive/1/487912/100/0/threaded

www.securityfocus.com/archive/1/489964/100/0/threaded

www.securityfocus.com/archive/1/491357/100/0/threaded

www.securityfocus.com/bid/27727