CVE-2014-3149
Summary
| CVE | CVE-2014-3149 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-07-03 14:55:00 UTC |
| Updated | 2020-06-03 14:54:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | alpha1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | alpha2 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta2 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta3 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta4 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.1 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.2 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.3 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.4 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | alpha1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta2 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta3 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta4 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta5 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.1 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.2 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.3 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.4 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.5 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.6 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | alpha1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | alpha2 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta2 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta3 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.0 | beta4 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.1 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.2 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.3 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.3.4 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | alpha1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta1 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta2 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta3 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta4 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.0 | beta5 | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.1 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.2 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.3 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.4 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.5 | All | All | All |
| Application | Invisioncommunity | Invision Power Board | 3.4.6 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.0 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.1 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.2 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.3 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.4 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.5 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.6 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.7 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.8 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.9 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.0 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.1 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.2 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.3 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.4 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.5 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.6 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.7 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.8 | All | All | All |
| Application | Invisionpower | Ip.nexus | 1.5.9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IP.Board And IP.Nexus Arbitrary File Include and Cross Site Scripting Vulnerabilities | BID | www.securityfocus.com | |
| IP.Board 3.3.x, 3.4.x Security Update - News and Information - Invision Power Services | CONFIRM | community.invisionpower.com | Patch, Vendor Advisory |
| www.christian-schneider.net/advisories/CVE-2014-3149.txt | MISC | www.christian-schneider.net | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| IP.Board 3.4.x / 3.3.x Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.