Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) prior to 1.1.13, and 2.x prior to 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simplemachines smf 1.1.6 |
||
simplemachines smf 1.1.5 |
||
simplemachines smf 1.1.7 |
||
simplemachines smf 1.1.8 |
||
simplemachines smf 1.1.9 |
||
simplemachines smf 1.0.9 |
||
simplemachines smf 1.0.8 |
||
simplemachines smf 1.0.7 |
||
simplemachines smf 1.0.6 |
||
simplemachines smf 1.1.1 |
||
simplemachines smf 1.1.2 |
||
simplemachines smf 1.1.3 |
||
simplemachines smf 1.0 |
||
simplemachines smf 1.1 |
||
simplemachines smf 1.1.10 |
||
simplemachines smf 1.0.12 |
||
simplemachines smf 1.0.10 |
||
simplemachines smf 1.0.15 |
||
simplemachines smf 1.0.4 |
||
simplemachines smf 1.0.2 |
||
simplemachines smf 1.0.14 |
||
simplemachines smf |
||
simplemachines smf 1.0.1 |
||
simplemachines smf 1.0.17 |
||
simplemachines smf 1.0.18 |
||
simplemachines smf 1.0.19 |
||
simplemachines smf 1.0.20 |
||
simplemachines smf 1.1.11 |
||
simplemachines smf 1.1.4 |
||
simplemachines smf 1.0.13 |
||
simplemachines smf 1.0.16 |
||
simplemachines smf 1.0.5 |
||
simplemachines smf 1.0.3 |
||
simplemachines smf 1.0.21 |
||
simplemachines smf 2.0 |