Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0775

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0775
Last Modified 01 Sep 2009 01:13:10
Published 13 Feb 2008 07:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0775

Summary

Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".

Vulnerable Systems

Application

  • Simple Machines Smf Shoutbox 1.14

  • Simple Machines Smf Shoutbox 1.15

  • Simple Machines Smf Shoutbox 1.16b


References

BID - 27727

BUGTRAQ - 20080422 Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

BUGTRAQ - 20080321 Re: Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

BUGTRAQ - 20080210 Simple Machines Forum "SMF Shoutbox" Mod Persistent XSS

SREASON - 3651

SECUNIA - 28900


Last Updated: 27 May 2016 10:46:56