CVE-2008-0775

Name of the Vulnerable Software and Affected Versions Simple Machines Forum (SMF) Shoutbox versions 1.14 through 1.16b

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via specific strings to the shoutbox form. These strings must start with "&#", contain the desired script, and end with ";".

Recommendations For versions 1.14 through 1.16b, as a temporary workaround, consider restricting input to the shoutbox form to prevent injection of malicious scripts until a patch is available.