| CVE-2012-5903 | | 0.03 | — | 0.02 | | Nov 17, 2012 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. |
| CVE-2004-1996 | | 0.03 | — | 0.00 | | May 5, 2004 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. |
| CVE-2004-1827 | | 0.03 | — | 0.01 | | Mar 15, 2004 | Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. |
| CVE-2008-2019 | | 0.00 | — | 0.05 | | Apr 30, 2008 | Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308. |
| CVE-2008-0284 | | 0.00 | — | 0.00 | | Jan 15, 2008 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) Itemid or (2) topic arguments. |
| CVE-2006-6375 | | 0.00 | — | 0.02 | | Dec 7, 2006 | Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. |
