Unrated severityNVD Advisory· Published Dec 7, 2006· Updated Jun 16, 2026
CVE-2006-6375
CVE-2006-6375
Description
Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection.
Affected products
5cpe:2.3:a:simple_machines:smf:1.0.9:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:simple_machines:smf:1.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:simple_machines:smf:1.0_beta5p:*:*:*:*:*:*:*
- cpe:2.3:a:simple_machines:smf:1.1_final:*:*:*:*:*:*:*
- cpe:2.3:a:simple_machines:smf:1.1_rc3:*:*:*:*:*:*:*
- Range: <=1.1 Final
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.