Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.5
CVE Id: CVE-2011-1129
Last Modified: 29 Jun 2011 12:00:00
Published: 20 Jun 2011 10:52:42
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-1129

Summary

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.

Vulnerable Systems

Application

  • Simplemachines Smf 1.0

  • Simplemachines Smf 1.0.1

  • Simplemachines Smf 1.0.10

  • Simplemachines Smf 1.0.12

  • Simplemachines Smf 1.0.13

  • Simplemachines Smf 1.0.14

  • Simplemachines Smf 1.0.15

  • Simplemachines Smf 1.0.16

  • Simplemachines Smf 1.0.17

  • Simplemachines Smf 1.0.18

  • Simplemachines Smf 1.0.19

  • Simplemachines Smf 1.0.2

  • Simplemachines Smf 1.0.20

  • Simplemachines Smf 1.0.21

  • Simplemachines Smf 1.0.3

  • Simplemachines Smf 1.0.4

  • Simplemachines Smf 1.0.5

  • Simplemachines Smf 1.0.6

  • Simplemachines Smf 1.0.7

  • Simplemachines Smf 1.0.8

  • Simplemachines Smf 1.0.9

  • Simplemachines Smf 1.1

  • Simplemachines Smf 1.1.1

  • Simplemachines Smf 1.1.10

  • Simplemachines Smf 1.1.11

  • Simplemachines Smf 1.1.12

  • Simplemachines Smf 1.1.2

  • Simplemachines Smf 1.1.3

  • Simplemachines Smf 1.1.4

  • Simplemachines Smf 1.1.5

  • Simplemachines Smf 1.1.6

  • Simplemachines Smf 1.1.7

  • Simplemachines Smf 1.1.8

  • Simplemachines Smf 1.1.9

  • Simplemachines Smf 2.0


References

CONFIRM - http://www.simplemachines.org/community/index.php?topic=421547.0

MLIST - [oss-security] 20110302 Re: CVE request: simple machines forum before 1.1.13

MLIST - [oss-security] 20110222 CVE request: simple machines forum before 1.1.13

CONFIRM - http://custom.simplemachines.org/mods/downloads/smf_patch_2.0-RC4_security.zip


Last Updated: 27 May 2016 10:56:11