Cross-Site Scripting Vulnerability in Simple Machines Forum by Simple Machines
CVE-2011-1129

Currently unrated

Key Information:

Vendor: Simplemachines
Status: Smf
Vendor: CVE Published:; 21 June 2011

🔔 Create Simplemachines Vulnerability Alert

What is CVE-2011-1129?

A vulnerability exists in the EditNews function of ManageNews.php within Simple Machines Forum that allows remote authenticated users to inject arbitrary scripts or HTML through the 'save_items' action. This cross-site scripting flaw can be exploited to compromise user data and web application integrity, making it a significant security concern for instances running unsupported versions.

References

http://www.openwall.com/lists/oss-security/2011/02/22/17

mailing-listx_refsource_MLIST

http://www.simplemachines.org/community/index.php?topic=4...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2011/03/02/4

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 21, 2011