Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3547

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-3547
Last Modified 05 Sep 2008 04:54:40
Published 16 Nov 2005 02:42:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-3547

Summary

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields.

Vulnerable Systems

Application

  • Invision Power Services Invision Board 2.1


References

SECUNIA - 17443

BUGTRAQ - 20051104 Failles dans Invision Power Board 2.1 [xss]

MISC - http://benji.redkod.org/audits/ipb.2.1.pdf

XF - invision-powerboard-admin-xss(22999)

BID - 15345

BID - 15344

OSVDB - 20522

OSVDB - 20521

OSVDB - 20520

OSVDB - 20519

OSVDB - 20518

OSVDB - 20517

OSVDB - 20516


Last Updated: 27 May 2016 10:40:58