Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorers automatic type detection.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Smf | Simple_machines | 1.0.9 | 1.0.9 |
Smf | Simple_machines | 1.1_rc3 | 1.1_rc3 |
Smf | Simple_machines | 1.0_beta5p | 1.0_beta5p |
Smf | Simple_machines | 1.1_final | 1.1_final |