This page lists publicly disclosed CVE vulnerabilities affecting simple_machines smf (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2012-5903 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php. | [email protected] | 4.3 | 4.18% | 2012-11-17 | 2026-04-29 |
| CVE-2008-2019 | Simple Machines Forum (SMF), probably 1.1.4, relies on "randomly generated static" to hinder brute-force attacks on the WAV file (aka audio) CAPTCHA, which allows remote attackers to pass the CAPTCHA test via an automated attack that considers Hamming distances. NOTE: this issue reportedly exists because of an insufficient fix for CVE-2007-3308. | [email protected] | 7.5 | 4.59% | 2008-04-30 | 2026-04-23 |
| CVE-2006-6375 | Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. | [email protected] | 6.8 | 1.57% | 2006-12-07 | 2026-04-23 |
| CVE-2004-1996 | Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. | [email protected] | 4.3 | 0.40% | 2004-05-05 | 2026-04-16 |