Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for smf_shoutbox by simple_machines

    CVE-2008-0775 (GCVE-0-2008-0775)

    Vulnerability from nvd – Published: 2008-02-13 23:00 – Updated: 2024-08-07 07:54
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/28900 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/491357/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/489964/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/487912/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/27727 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3651 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:54:23.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28900",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28900"
              },
              {
                "name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
              },
              {
                "name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
              },
              {
                "name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
              },
              {
                "name": "27727",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27727"
              },
              {
                "name": "3651",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3651"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with \"\u0026#\", contain the desired script, and end with \";\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28900",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28900"
            },
            {
              "name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
            },
            {
              "name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
            },
            {
              "name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
            },
            {
              "name": "27727",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27727"
            },
            {
              "name": "3651",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3651"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with \"\u0026#\", contain the desired script, and end with \";\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28900",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28900"
                },
                {
                  "name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
                },
                {
                  "name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
                },
                {
                  "name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
                },
                {
                  "name": "27727",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27727"
                },
                {
                  "name": "3651",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3651"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0775",
        "datePublished": "2008-02-13T23:00:00.000Z",
        "dateReserved": "2008-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:54:23.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-0775 (GCVE-0-2008-0775)

    Vulnerability from cvelistv5 – Published: 2008-02-13 23:00 – Updated: 2024-08-07 07:54
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with "&#", contain the desired script, and end with ";".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/28900 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/archive/1/491357/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/489964/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/487912/100… mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/27727 vdb-entryx_refsource_BID
    http://securityreason.com/securityalert/3651 third-party-advisoryx_refsource_SREASON
    Date Public
    2008-01-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:54:23.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "28900",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/28900"
              },
              {
                "name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
              },
              {
                "name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
              },
              {
                "name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
              },
              {
                "name": "27727",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27727"
              },
              {
                "name": "3651",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3651"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with \"\u0026#\", contain the desired script, and end with \";\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "28900",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/28900"
            },
            {
              "name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
            },
            {
              "name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
            },
            {
              "name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
            },
            {
              "name": "27727",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27727"
            },
            {
              "name": "3651",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3651"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0775",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple Machines Forum (SMF) Shoutbox 1.14 through 1.16b allows remote attackers to inject arbitrary web script or HTML via strings to the shoutbox form that start with \"\u0026#\", contain the desired script, and end with \";\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "28900",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/28900"
                },
                {
                  "name": "20080422 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/491357/100/0/threaded"
                },
                {
                  "name": "20080321 Re: Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/489964/100/0/threaded"
                },
                {
                  "name": "20080210 Simple Machines Forum \"SMF Shoutbox\" Mod Persistent XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/487912/100/0/threaded"
                },
                {
                  "name": "27727",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27727"
                },
                {
                  "name": "3651",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3651"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0775",
        "datePublished": "2008-02-13T23:00:00.000Z",
        "dateReserved": "2008-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:54:23.382Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }