CVE-2011-1129

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
simplemachinessmf
𝑥
≤ 1.1.12
simplemachinessmf
1.0
simplemachinessmf
1.0:beta4
simplemachinessmf
1.0:beta4.1
simplemachinessmf
1.0:beta5
simplemachinessmf
1.0:beta6
simplemachinessmf
1.0:rc1
simplemachinessmf
1.0:rc2
simplemachinessmf
1.0.1
simplemachinessmf
1.0.2
simplemachinessmf
1.0.3
simplemachinessmf
1.0.4
simplemachinessmf
1.0.5
simplemachinessmf
1.0.6
simplemachinessmf
1.0.7
simplemachinessmf
1.0.8
simplemachinessmf
1.0.9
simplemachinessmf
1.0.10
simplemachinessmf
1.0.12
simplemachinessmf
1.0.13
simplemachinessmf
1.0.14
simplemachinessmf
1.0.15
simplemachinessmf
1.0.16
simplemachinessmf
1.0.17
simplemachinessmf
1.0.18
simplemachinessmf
1.0.19
simplemachinessmf
1.0.20
simplemachinessmf
1.0.21
simplemachinessmf
1.1
simplemachinessmf
1.1:beta1
simplemachinessmf
1.1:beta2
simplemachinessmf
1.1:beta3
simplemachinessmf
1.1:beta4
simplemachinessmf
1.1:rc1
simplemachinessmf
1.1:rc2
simplemachinessmf
1.1:rc3
simplemachinessmf
1.1.1
simplemachinessmf
1.1.2
simplemachinessmf
1.1.3
simplemachinessmf
1.1.4
simplemachinessmf
1.1.5
simplemachinessmf
1.1.6
simplemachinessmf
1.1.7
simplemachinessmf
1.1.8
simplemachinessmf
1.1.9
simplemachinessmf
1.1.10
simplemachinessmf
1.1.11
simplemachinessmf
2.0:beta1
simplemachinessmf
2.0:beta2
simplemachinessmf
2.0:beta2.1
simplemachinessmf
2.0:beta3
simplemachinessmf
2.0:beta3.1
simplemachinessmf
2.0:beta4
simplemachinessmf
2.0:rc1
simplemachinessmf
2.0:rc2
simplemachinessmf
2.0:rc3
simplemachinessmf
2.0:rc4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
http://www.openwall.com/lists/oss-security/2011/02/22/17
http://www.openwall.com/lists/oss-security/2011/03/02/4
http://www.simplemachines.org/community/index.php?topic=421547.0
http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
http://www.openwall.com/lists/oss-security/2011/02/22/17
http://www.openwall.com/lists/oss-security/2011/03/02/4
http://www.simplemachines.org/community/index.php?topic=421547.0