CVE-2011-1129

Simplemachines Smf < 1.1.12 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.

References (4)

[Patch] http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip

[Patch] http://www.openwall.com/lists/oss-security/2011/02/22/17

[Patch] http://www.openwall.com/lists/oss-security/2011/03/02/4

[Patch] http://www.simplemachines.org/community/index.php?topic=421547.0

Scores

EPSS 0.0025

EPSS Percentile 48.3%

Classification

CWE

CWE-79

Status published

Affected Products (50)

simplemachines/smf < 1.1.12

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

simplemachines/smf

... and 35 more

Timeline

Published Jun 21, 2011

Tracked Since Feb 18, 2026