VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Jun 21, 2011· Updated Apr 29, 2026

CVE-2011-1129

CVE-2011-1129

Description

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.

Affected products

57
  • Simplemachines/Smf57 versions
    cpe:2.3:a:simplemachines:smf:*:*:*:*:*:*:*:*+ 56 more
    • cpe:2.3:a:simplemachines:smf:*:*:*:*:*:*:*:*range: <=1.1.12
    • cpe:2.3:a:simplemachines:smf:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.17:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.18:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.19:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.20:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.21:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0:beta4.1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0:beta5:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0:beta6:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:beta1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:beta2:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:beta3:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:beta4:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:rc1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:rc2:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:1.1:rc3:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:beta2.1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:beta3.1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:beta4:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:rc3:*:*:*:*:*:*
    • cpe:2.3:a:simplemachines:smf:2.0:rc4:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.