Описание
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:simple_machines:smf:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:simple_machines:smf:1.0_beta5p:*:*:*:*:*:*:*
cpe:2.3:a:simple_machines:smf:1.1_final:*:*:*:*:*:*:*
cpe:2.3:a:simple_machines:smf:1.1_rc3:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.01631
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
EPSS
Процентиль: 81%
0.01631
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other