CVE-2006-5503

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/1772
http://www.securityfocus.com/archive/1/449241/100/0/threaded
http://www.securityfocus.com/bid/20629	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/29690
http://securityreason.com/securityalert/1772
http://www.securityfocus.com/archive/1/449241/100/0/threaded
http://www.securityfocus.com/bid/20629	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/29690

Configurations

Configuration 1 (hide)

cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:19

Type	Values Removed	Values Added
References	~~() http://securityreason.com/securityalert/1772 -~~	() http://securityreason.com/securityalert/1772 -
References	~~() http://www.securityfocus.com/archive/1/449241/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/449241/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/20629 - Exploit~~	() http://www.securityfocus.com/bid/20629 - Exploit
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/29690 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/29690 -

Information

Published : 2006-10-25 22:07

Updated : 2024-11-21 00:19

NVD link : CVE-2006-5503

Mitre link : CVE-2006-5503

CVE.ORG link : CVE-2006-5503

JSON object : View

Products Affected

simple_machines

simple_machines_forum

CWE

NVD-CWE-Other

{"id": "CVE-2006-5503", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-10-25T22:07:00.000", "references": [{"url": "http://securityreason.com/securityalert/1772", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/449241/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/20629", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29690", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1772", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/449241/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20629", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29690", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter."}, {"lang": "es", "value": "Vulnerabilidad en secuencias de comandos en sitios cruzados (XSS) en el archivo index.php en el Simple Machines Forum (SMF) 1.1 RC2 permite a atacantes remotos la inyecci\u00f3n de secuencia de comandos de Web o HTML mediante el par\u00e1metro de \"action\"."}], "lastModified": "2024-11-21T00:19:29.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FA54F25-0EF9-40B1-A9B6-77F15DD27A71"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}