Lucene search

[email protected]CVE-2004-0359

HistoryNov 23, 2004 - 5:00 a.m.

CVE-2004-0359

2004-11-2305:00:00

[email protected]

web.nvd.nist.gov

109

cve-2004-0359

xss

remote execution

invision power board

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.368 Low

EPSS

Percentile

97.2%

JSON

Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.

Affected configurations

NVD

Node

invision_power_servicesinvision_boardMatch1.3.1_final

invision_power_servicesinvision_boardMatch1.3_final

CPENameOperatorVersion
invision_power_services:invision_boardinvision power services invision boardeq1.3.1_final
invision_power_services:invision_boardinvision power services invision boardeq1.3_final

CPE	Name	Operator	Version
invision_power_services:invision_board	invision power services invision board	eq	1.3.1_final
invision_power_services:invision_board	invision power services invision board	eq	1.3_final

References

marc.info/?l=bugtraq&m=107851589701916&w=2

secunia.com/advisories/11053

www.osvdb.org/4154

www.securityfocus.com/bid/9768

exchange.xforce.ibmcloud.com/vulnerabilities/15403

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.368 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2004-0359

cvelist1 nvd1