Cross-Site Scripting Vulnerability in Simple Machines Forum 2.0.4
CVE-2013-7467

6.1MEDIUM

Key Information:

Vendor: Simplemachines
Status: Simple Machines Forum
Vendor: CVE Published:; 7 March 2019

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2013-7467?

The Simple Machines Forum (SMF) version 2.0.4 is vulnerable to Cross-Site Scripting (XSS) attacks due to improper validation of user-supplied input in the 'sa' parameter of the 'index.php?action=pm;sa=settings;save' URL. This flaw allows attackers to inject malicious scripts that could lead to unauthorized actions being performed on behalf of users, potentially compromising sensitive information and user sessions.

References

http://hauntit.blogspot.com/2013/04/en-smf-204-full-discl...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2019
Vulnerability Reserved
Feb 5, 2019