Invision Power Board Module_table.PHP Cross Site Scripting Vulnerability
BID:24244
Info
| Bugtraq ID: | 24244 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2963 |
| Remote: | Yes |
| Local: | No |
| Published: | May 30 2007 12:00AM |
| Updated: | May 07 2015 05:37PM |
| Credit: | Iron is credited with the discovery of this vulnerability |
| Vulnerable: | Invision Power Services Invision Power Board 2.2.2 |
| Not Vulnerable: | |
Discussion
Invision Power Board is prone to a cross-site scripting vulnerability.
Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.
This issue affects Invision Power Board 2.2.2 and prior versions; other versions may also be affected.
Exploit / POC
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
Solution:
The vendor released a fix to address this issue. Please see the references for more information.
Invision Power Services Invision Power Board 2.2.2
- Invision Power Board ipb_220_30_May_Update.zip
  http://forums.invisionpower.com/index.php?act=attach&type=post&id=11669
References
References:
- Invision Board Homepage (Invision Power Services)
- IP.Board 2.2.x Possible XSS Issue (Invision Power Services)