CVE-2025-2582
SimpleMachines SMF ManageAttachments.php cross site scripting
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
SimpleMachines SMF ManageAttachments.php cross site scripting
A vulnerability was found in SimpleMachines SMF 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the file ManageAttachments.php. The manipulation of the argument Notice leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
Eine Schwachstelle wurde in SimpleMachines SMF 2.1.4 gefunden. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei ManageAttachments.php. Dank der Manipulation des Arguments Notice mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung. Bisher konnte die Existenz der vermeintlichen Schwachstelle noch nicht eindeutig nachgewiesen werden.
| 2025-03-20: | Advisory disclosed |
| 2025-03-20: | VulDB entry created |
| 2025-04-21: | VulDB entry last update |
Fewwords (VulDB User)
vuldb.com/?id.300542 (VDB-300542 | SimpleMachines SMF ManageAttachments.php cross site scripting)
vuldb.com/?ctiid.300542 (VDB-300542 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.511999 (Submit #511999 | SimpleMachines SMF 2.1.4 Cross Site Scripting)
github.com/Fewword/Poc/blob/main/smf/smf-poc3.md
github.com/Fewword/Poc/blob/main/smf/smf-poc4.md
Support options
