CVE-2006-5504 - OpenCVE

Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Simple Machines	Simple Machines Forum

Configuration 1 [-]

OR	cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:::::::*
	cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:::::::*
	cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:::::::*
	cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc1:::::::*
	cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:::::::*
	cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:::::::*

References

Link	Resource
http://osvdb.org/31070
http://www.securityfocus.com/archive/1/449307/100/0/threaded
http://www.securityfocus.com/archive/1/449395/100/0/threaded
http://www.securityfocus.com/archive/1/449478/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/29689

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-25T22:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-10-25T00:00:00

Link: CVE-2006-5504

JSON object: View

NVD Information

Status : Modified

Published: 2006-10-25T22:07:00.000

Modified: 2018-10-17T21:43:38.067

Link: CVE-2006-5504

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20061020 Simple Machines Forum (SMF) XSS issue", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/449307/100/0/threaded"}, {"name": "31070", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/31070"}, {"name": "20061021 Re: Simple Machines Forum (SMF) XSS issue", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/449395/100/0/threaded"}, {"name": "20061022 Re: Simple Machines Forum (SMF) XSS issue", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/449478/100/0/threaded"}, {"name": "smf-base64-xss(29689)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29689"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5504", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20061020 Simple Machines Forum (SMF) XSS issue", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449307/100/0/threaded"}, {"name": "31070", "refsource": "OSVDB", "url": "http://osvdb.org/31070"}, {"name": "20061021 Re: Simple Machines Forum (SMF) XSS issue", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449395/100/0/threaded"}, {"name": "20061022 Re: Simple Machines Forum (SMF) XSS issue", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/449478/100/0/threaded"}, {"name": "smf-base64-xss(29689)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29689"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5504", "datePublished": "2006-10-25T22:00:00", "dateReserved": "2006-10-25T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "549FC613-BB72-42FD-AD04-0FAC2FC2A942", "vulnerable": true}, {"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C1063E88-7F6D-4E42-B196-7292320C4F67", "vulnerable": true}, {"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1F6A0089-3041-45E4-A1BB-F35A9039A12B", "vulnerable": true}, {"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "ABF69D49-AE48-4195-B958-A5D81AABD824", "vulnerable": true}, {"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "3FA54F25-0EF9-40B1-A9B6-77F15DD27A71", "vulnerable": true}, {"criteria": "cpe:2.3:a:simple_machines:simple_machines_forum:1.1_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "CE14DC75-497A-4794-9260-E2A1291C9C6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php in Simple Machines Forum (SMF) allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter."}, {"lang": "es", "value": "Vulnerabilidad en secuencias de comandos en sitios cruzados (XSS) en el archivo index.php en el Simple Machines Forum (SMF) permite a atacantes remotos la inyecci\u00f3n de secuencia de comandos de Web o HTML mediante el valor en el par\u00e1metro de \"action\" codificado en Base64."}], "id": "CVE-2006-5504", "lastModified": "2018-10-17T21:43:38.067", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-10-25T22:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/31070"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449307/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449395/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/449478/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29689"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}