CVE-2025-2583
SimpleMachines SMF ManageNews.php cross site scripting
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
SimpleMachines SMF ManageNews.php cross site scripting
A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification.
Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei ManageNews.php. Dank Manipulation des Arguments subject/message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt.
| 2025-03-20: | Advisory disclosed |
| 2025-03-20: | VulDB entry created |
| 2025-04-21: | VulDB entry last update |
Fewwords (VulDB User)
vuldb.com/?id.300543 (VDB-300543 | SimpleMachines SMF ManageNews.php cross site scripting)
vuldb.com/?ctiid.300543 (VDB-300543 | CTI Indicators (IOB, IOC, TTP, IOA))
vuldb.com/?submit.512001 (Submit #512001 | SimpleMachines SMF 2.1.4 Cross Site Scripting)
github.com/Fewword/Poc/blob/main/smf/smf-poc5.md
github.com/Fewword/Poc/blob/main/smf/smf-poc6.md
Support options
