CVE-2006-6375

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) versions 1.1 Final and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the contents of a file uploaded with the image parameter set. This can be interpreted as script by Internet Explorer's automatic type detection.

Recommendations For Simple Machines Forum (SMF) versions 1.1 Final and earlier, as a temporary workaround, consider restricting the upload of files with the image parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.