PT-2007-1870 · Simple Machines · Simple Machines Forum

Published: 2007-01-22 · Updated: 2018-10-16 · CVE-2007-0399

CVSS v2.0: 6.0 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Simple Machines Forum (SMF) version 1.1 RC3

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the index.php file of Simple Machines Forum (SMF). These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. This can be achieved via the recipient or BCC field when selecting send in a pm action.

Recommendations

For Simple Machines Forum (SMF) version 1.1 RC3, consider disabling the pm action functionality until a patch is available to prevent exploitation of the XSS vulnerabilities in the recipient and BCC fields. Restrict access to the index.php file to minimize the risk of arbitrary web script or HTML injection.

Related identifiers

CVE-2007-0399

Affected products

Simple Machines Forum