Lucene search
MitreCVE-2011-1129HistoryJun 21, 2011 - 2:52 a.m.
CVE-2011-1129
2011-06-2102:52:42
CWE-79
mitre
web.nvd.nist.gov
27
cve-2011-1129
cross-site scripting
xss
smf
vulnerability
web script
html
nvd
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
41.8%
Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
Affected configurations
Node
simplemachinessmfRange≤1.1.12
ORsimplemachinessmfMatch1.0
ORsimplemachinessmfMatch1.0beta4
ORsimplemachinessmfMatch1.0beta4.1
ORsimplemachinessmfMatch1.0beta5
ORsimplemachinessmfMatch1.0beta6
ORsimplemachinessmfMatch1.0rc1
ORsimplemachinessmfMatch1.0rc2
ORsimplemachinessmfMatch1.0.1
ORsimplemachinessmfMatch1.0.2
ORsimplemachinessmfMatch1.0.3
ORsimplemachinessmfMatch1.0.4
ORsimplemachinessmfMatch1.0.5
ORsimplemachinessmfMatch1.0.6
ORsimplemachinessmfMatch1.0.7
ORsimplemachinessmfMatch1.0.8
ORsimplemachinessmfMatch1.0.9
ORsimplemachinessmfMatch1.0.10
ORsimplemachinessmfMatch1.0.12
ORsimplemachinessmfMatch1.0.13
ORsimplemachinessmfMatch1.0.14
ORsimplemachinessmfMatch1.0.15
ORsimplemachinessmfMatch1.0.16
ORsimplemachinessmfMatch1.0.17
ORsimplemachinessmfMatch1.0.18
ORsimplemachinessmfMatch1.0.19
ORsimplemachinessmfMatch1.0.20
ORsimplemachinessmfMatch1.0.21
ORsimplemachinessmfMatch1.1
ORsimplemachinessmfMatch1.1beta1
ORsimplemachinessmfMatch1.1beta2
ORsimplemachinessmfMatch1.1beta3
ORsimplemachinessmfMatch1.1beta4
ORsimplemachinessmfMatch1.1rc1
ORsimplemachinessmfMatch1.1rc2
ORsimplemachinessmfMatch1.1rc3
ORsimplemachinessmfMatch1.1.1
ORsimplemachinessmfMatch1.1.2
ORsimplemachinessmfMatch1.1.3
ORsimplemachinessmfMatch1.1.4
ORsimplemachinessmfMatch1.1.5
ORsimplemachinessmfMatch1.1.6
ORsimplemachinessmfMatch1.1.7
ORsimplemachinessmfMatch1.1.8
ORsimplemachinessmfMatch1.1.9
ORsimplemachinessmfMatch1.1.10
ORsimplemachinessmfMatch1.1.11
Node
simplemachinessmfMatch2.0beta1
ORsimplemachinessmfMatch2.0beta2
ORsimplemachinessmfMatch2.0beta2.1
ORsimplemachinessmfMatch2.0beta3
ORsimplemachinessmfMatch2.0beta3.1
ORsimplemachinessmfMatch2.0beta4
ORsimplemachinessmfMatch2.0rc1
ORsimplemachinessmfMatch2.0rc2
ORsimplemachinessmfMatch2.0rc3
ORsimplemachinessmfMatch2.0rc4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| simplemachines | smf | * | cpe:2.3:a:simplemachines:smf:*:*:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:*:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:beta4:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:beta4.1:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:beta5:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:beta6:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:rc1:*:*:*:*:*:* |
| simplemachines | smf | 1.0 | cpe:2.3:a:simplemachines:smf:1.0:rc2:*:*:*:*:*:* |
| simplemachines | smf | 1.0.1 | cpe:2.3:a:simplemachines:smf:1.0.1:*:*:*:*:*:*:* |
| simplemachines | smf | 1.0.2 | cpe:2.3:a:simplemachines:smf:1.0.2:*:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2011-06-21 02:52:00
cvelist
cvelist
CVE-2011-1129
2011-06-21 01:00:00
nvd
nvd
CVE-2011-1129
2011-06-21 02:52:42
openvas
openvas
Simple Machines Forum Multiple Vulnerabilities
2011-06-24 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.001
Percentile
41.8%
Related for CVE-2011-1129