Friday, 31 January 2014

[EN] Simple Machine Forum (SMF) 2.0.7 - XSS

In latest version of SMF I found a tricky XSS vulnerability.

As the vendor said, this is a low priority, because it can be exploited
only when admin user is logged in.

Post will be updated after patch release (in new version).


What do You think...?