Lucene search

[email protected]CVE-2007-2963

HistoryMay 31, 2007 - 11:30 p.m.

CVE-2007-2963

2007-05-3123:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007

cross-site scripting

xss

invision power board

ipb

ip.board 2.2.2

web script

html

module_bbcodeloader.php

module_div.php

module_email.php

module_image.php

module_link.php

module_table.php

jscripts

folder_rte_files

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.

CPENameOperatorVersion
invision_power_services:invision_power_boardinvision power services invision power boardle2.2.2

CPE	Name	Operator	Version
invision_power_services:invision_power_board	invision power services invision power board	le	2.2.2

References

forums.invisionpower.com/index.php?showtopic=235069

osvdb.org/35430

osvdb.org/35431

osvdb.org/35432

osvdb.org/35433

osvdb.org/35434

osvdb.org/35435

secunia.com/advisories/25437

www.securityfocus.com/bid/24244

www.vupen.com/english/advisories/2007/1993

exchange.xforce.ibmcloud.com/vulnerabilities/34616

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.2%

JSON

Related for CVE-2007-2963

prion1