CVE-2011-1129
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2011/02/22/17
- http://www.simplemachines.org/community/index.php?topic=421547.0
- http://www.openwall.com/lists/oss-security/2011/03/02/4
- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
References
- http://www.openwall.com/lists/oss-security/2011/02/22/17
- http://www.simplemachines.org/community/index.php?topic=421547.0
- http://www.openwall.com/lists/oss-security/2011/03/02/4
- http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.