CNNVD-202512-3410 Information

CNNVD ID

CNNVD-202512-3410

Related CVE

CVE-2025-67163

• CNNVD Published: 2025-12-18

Description (Chinese)

Simple Machines Forum（SMF）是美国SMF团队的一套开源的网络论坛系统。 Simple Machines Forum 2.1.6版本存在安全漏洞，该漏洞源于对Forum Name参数的特制输入处理不当，可能导致存储型跨站脚本攻击。

Description (English)

The Simple Machines Forum (SMF) is an open-source web forum system for the United States SMF team. There is a security loophole in version 2.1.6 of the Simple Machines Forum, which arises from inappropriately processed ad hoc input of Forum Name parameters, which may result in a storage-type cross-site script attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

SMF

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/SimpleMachines/SMF https://github.com/SimpleMachines/SMF/blob/release-3.0/Themes/default/Stats.template.php#L26 https://github.com/SimpleMachines/SMF/security/advisories/GHSA-p2xm-x9fp-5r7x https://github.com/mbiesiad/vulnerability-research/tree/main/CVE-2025-67163 https://wiki.simplemachines.org/smf/Installing