Summary
The host is running Invision Power Board and is prone to Cross-Site Scripting Vulnerability.
Impact
Successful exploitation will let attackers execute arbitrary code in the context of the affected web application and can cause various web related attacks by point to malicious IFRAME or HTML data.
Impact Level: Application
Solution
Solution/Patch not available as on 09th April 2009. Information will be updated once the vendor supplies any updates. For further updates refer, http://www.invisionpower.com
Insight
Improper sanitization of user supplied input in the signature data which can cause crafting malicious IFRAME or HTML tags to gain sensitive information about the web application or can cause injection of web pages to the web application.
Affected
Invision Power Board version 2.3.1 and prior.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-6565 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
- Apache Struts Cross Site Scripting Vulnerability
- Admidio get_file.php Remote File Disclosure Vulnerability