{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2583","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-20T22:59:17.047Z","datePublished":"2025-03-21T06:31:06.127Z","dateUpdated":"2025-04-21T12:41:44.675Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-04-21T12:41:44.675Z"},"title":"SimpleMachines SMF ManageNews.php cross site scripting","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-79","lang":"en","description":"Cross Site Scripting"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"Code Injection"}]}],"affected":[{"vendor":"SimpleMachines","product":"SMF","versions":[{"version":"2.1.4","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in SimpleMachines SMF 2.1.4. It has been classified as problematic. This affects an unknown part of the file ManageNews.php. The manipulation of the argument subject/message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor does not declare this issue a security vulnerability due to authentication requirements before being able to access any feature in the software that allows file modification."},{"lang":"de","value":"Es wurde eine Schwachstelle in SimpleMachines SMF 2.1.4 ausgemacht. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei ManageNews.php. Dank Manipulation des Arguments subject/message mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.5,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2025-03-20T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-20T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-04-21T14:46:37.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Fewwords (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.300543","name":"VDB-300543 | SimpleMachines SMF ManageNews.php cross site scripting","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.300543","name":"VDB-300543 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.512001","name":"Submit #512001 | SimpleMachines SMF 2.1.4 Cross Site Scripting","tags":["third-party-advisory"]},{"url":"https://github.com/Fewword/Poc/blob/main/smf/smf-poc5.md","tags":["exploit"]},{"url":"https://github.com/Fewword/Poc/blob/main/smf/smf-poc6.md","tags":["exploit"]}],"tags":["disputed"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-21T12:46:42.953502Z","id":"CVE-2025-2583","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-21T12:47:00.508Z"}}]}}