6.8
CVE-2006-6375
- EPSS 1.36%
- Veröffentlicht 07.12.2006 17:28:00
- Zuletzt bearbeitet 16.06.2026 22:32:59
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginCross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Simple Machines ≫ Smf Version1.0.9
Simple Machines ≫ Smf Version1.0_beta5p
Simple Machines ≫ Smf Version1.1_final
Simple Machines ≫ Smf Version1.1_rc3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.36% | 0.68 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://secunia.com/advisories/23175
http://securityreason.com/securityalert/2001
http://www.securityfocus.com/archive/1/453426/100/0/threaded
http://www.securityfocus.com/bid/21431
http://www.vupen.com/english/advisories/2006/4843
https://exchange.xforce.ibmcloud.com/vulnerabilities/30659