[code]Vendor: http://www.simplemachines.org/
Severity: Medium
Author: The:Paradox
Italy r0x.
------------------------------------------------------------------------------------------------
The attachment filename is not "htmlspecialcharsed", i.e. it is not passed through htmlspecialchars().
So we can attach a file with a "malicious name".
As an example, this could be an "evil" filename for an attachment:
------------------------------------------------------------------------------------------------
<body onload=document.write(String.fromCharCode(Some char values...))>1.txt
------------------------------------------------------------------------------------------------

Use your brain, do not lame. Enjoy. =)
[/code]
SMF 1.1.4 Permanent Html Injection
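
The missing output encoding described in the advisory, shown next to the encoded form. This is an added example, not part of the original advisory and not SMF source code; the function names, the `download.php` URL and the sample rows are assumptions made for illustration.

```php
<?php
// Added example, not SMF source code. Function names, the download URL and the
// sample data are assumptions made for illustration.

// Before: the stored name is concatenated into the page as-is, so the browser
// parses it as markup on every view of the post.
function render_attachment_unescaped(int $id, string $filename): string
{
    return '<a href="download.php?id=' . $id . '">' . $filename . '</a>';
}

// After: encode at output. ENT_QUOTES also encodes ' and " so the value is safe
// in attribute context; ENT_SUBSTITUTE keeps invalid UTF-8 from yielding ''.
function render_attachment_escaped(int $id, string $filename): string
{
    $label = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="download.php?id=' . $id . '" title="' . $label . '">' . $label . '</a>';
}

// Clean-up aid: the injection is stored, so names saved before the fix are still
// in the database. Flag every stored name that encoding would change.
function find_names_needing_review(array $storedNames): array
{
    return array_filter($storedNames, function (string $name): bool {
        return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') !== $name;
    });
}

// Constructed sample rows (id => filename). The second is the filename shape
// quoted in the advisory, with its elision left as written.
$stored = [
    101 => 'meeting-notes.txt',
    102 => '<body onload=document.write(String.fromCharCode(Some char values...))>1.txt',
];

foreach ($stored as $id => $name) {
    echo "unescaped: ", render_attachment_unescaped($id, $name), "\n";
    echo "escaped:   ", render_attachment_escaped($id, $name), "\n";
}
echo "review: ", implode(', ', array_keys(find_names_needing_review($stored))), "\n";
```

Encoding belongs at every place the filename is written into HTML, because the value stays in storage unchanged; the review helper only lists names for a human to look at and will also flag harmless names that contain `&` or quotes.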