Lucene search

[email protected]CVE-2004-2279

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2279

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

invision power board

cross-site scripting

xss

vulnerability

remote attackers

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.3%

JSON

Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardeq1.3_final

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	eq	1.3_final

References

archives.neohapsis.com/archives/bugtraq/2004-03/0082.html

exchange.xforce.ibmcloud.com/vulnerabilities/15448

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.3%

JSON

Related for CVE-2004-2279

nessus1